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Introduction: The newest spy 



Spyware can easily run on mobile devices. 



It's in malware 

and its 
commercially 
available. 




Mobile malware up 273% in first half of 201 1 

Monday 12 September 12:00 

Malware for smartpho-nes and tablets- is up 273% in the first 
half of 201 1 , compared with the same period in 2010, a study 
has- shown. 

Research fro m G Data Security Labs shows cyber criminals are 
increasingly targeting mobile devices, with cross-platform Trojans 
dominating the malware landscape. 

In ttie fkst half of 201 1 , researchers recorded one new malware 
stram every twelve seconds on average. G Data baBeves ttiere 
is no end in sight to this malware Hood. 

*VWth mobile malware, cyoe r crimina Is have discovered a new 
busmess model," said Eddy Wi I terns, security evangelist at G 
Data. 

Even though this special underground market segment is stl 

being set up, there is an enormous risk potential for moble devices and ther users, Willems said 

NickiBot: 

Spyware (GPS monitoring, sound recording, call 
logs, e-mail uploading) 
Fully controlled by SMS messages 
Appears as "Android System Log" under installed 
applications 

(See www.csc.ncsu.edu/faculty/jiang/NickiBot.) 

According to Willems, researchers are expecting 

another spurt of growth in the moble malware sector ri the second half of the year. 



■Qveral, G Data research shows malware is on the rise, 
with a new record set ri the fist half of 201 1 of 
1,245,403 new pieces of malware identified, a 15.7% 
increase compared to the second half of 2010. 

Willems says this growth is expected to continue over 
the next six months and is on course to reach an 
annual total of new malware strains for the year of at 
2.5 million, compared with just over 2 million in 2010. 
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Soundminer Android Ma I ware 
Listens, Then Steals, Phone Data 

By Jeremy Kirk, IDG Haws 

Researchers have developed a low-profile Trojan horse program for Google's Android 
mobile OS that steals data in a way that is unlikely to be detected by either a user or antivirus 
software. 
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The malware, called Soundminer, monitors phone calls 
and records when a person, for example, says their credit 
card number or enters one on the phone's keypad, 
according to the study, 

Using various analysis techniques, Soundminertrimsthe 



Soundminer 

- Monitors phone calls (voice and keypad) 

- Sends credit card data over the network 

- Paired app with another Trojan 



to transmit data, intercept outgoing phone calls and access contact lists might look 
suspicious. 

So in another version of the attack, the researchers paired Soundminerwith a separate 
Trojan, called Deliverer, which is responsible for sending the information collected by 
Soundminer. 

Since Android could prevent that communication between applications, the researchers 
investigated a stealthy way for Soundminerto communicate with Deliverer. They found what 
they term are several "covert channels," where changes in a feature are communicated with 
other interested applications, such as vibration settings. 

Soundminer could code its sensitive data in a form that looks like a vibration setting but is 
actually the sensitive data, where Deliverer could decode it and then send it to a remote 
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August 22, 201 1 1 2 Comments 



Mobile Mai ware Threats Growl Now They can Steal 
Photos From Your Phone. 




(f you're new here, you may want to subscribe to iny RSSfeed, Twitter and Facebook.Thanks for visiting! 
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Mobile devices are being tar 
they can use to steal money 
most countries. A good deal 
malware tends to include stu 



Hackers are disgui; 
tens of thousands c 
Marketplace orApp 
communications (N 
or Visa's payWave 



F-Secure: 

Photoscraping for harassment and blackmail. 



Thanks to F-Secure team we know that 



Chinese malware likes to spy. we've been keeping an eye out for various funclions r such as pholo 
scraping. Stealing photos from a phone could be used for harassment and blackmail. A member of 
Threat Response team in F-Securejust found something interesting in a Symbian malware sample. 



And what they find is very disturbing: 



The code of Trojan:SymbOSJSpinilogA includes a class named CMyCameraEngine which inherits and 
implements the Symbian class MCameraObserver. This enables the trojan to receive control when an 
image has been captured with the camera, Spinilog A then encodes the ra w bitmap to a JPG, which it 
saves to the nhnne's memorv. This feature seems to still he unused and nossihlv incomnlete as the 



Does Your Smartphone Need Anti-Virus Protection? 




After hearing about what happened to Scarlett Joharssor it seems like everyone is talking 
about what they can do to keep the private data on their smartphone private. While it is 
important to follow best practices, it might be time, depending on which OS you rock on 
your smartphone, to consider adding an extra level of protection, 



Like 



Commercialization of spyware 



BlackBerry Spyware 



Monitor, Trace and Track BlackBerry Smartphones 

BlackBerry Spyware Spyphone Software 

BlackBerry Spy technology delivers find out the specifics as to what people are saying on their Android as well as 
who they really are talking to. Trace BlackBerry Phone Calls . Track BlackBerry Location; and determine 
what is in SMS texts and email; find out internet activity; and a whole lot more. With BlackBerry Mobile 
Phone Spy Software programs you may even cell phone tap to listen to smartphone calls and spy call 
transform the smartphone right into a covert bug device. The BlackBerry operating system is particularly popular 
with mobile device software developers and normally BlackBerry Spy applications are packed with features 
unavailable with other systems; making BlackBerry Spy software powerful as solutions to Parental Monitoring ■ 
Workforce Monitoring and uncovering Cheating. 
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v iPhone 



^BlackBerry 



imi 003=300 




■BlackBerry 





Go to Phone Monitoring Websites 



Compare Phone Monitoring Software 



NOKIA 

symbian 



IBM Windows 

m Mobile 



BlackBerry Spy 

Monitoring and Tracking applications is designed for most type of 
ElackBerrys but there are a few limitations — if you're looking to capture 
a history of Website Visits or Check MMS multi-media messages (images, 
music and video], unfortunately BlackBerry will not support keeping track 
of that. BlackBerry Tracker, Review SMS Texting &. E-mail, Call Event 
Logging, Cell Phone Tap Calls and much more. 



Goto Phone Monitoring Websites 



Compare Phone Monitoring Software 
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'SHERIFF 



Mob/Stealth 



Did you catch the list of 
compatible devices? \ 



BlackBerry Spyu 



Monitor, Trace and Tra< 

BlackBerry Spyware Spy phone 

BlackBerry Spy technology delivers fir 
who they really are talking to. Trad 
what is in SMS texts and email; fin 
Phone Spy Software programs you 

transform the smartphone right into a 

with mobile device software developers and normally BlackBerry Spy applications are packed with features 
unavailable with other systems.; making BlackBerry Spy software powerful as solutions to Parental Monitoring. 
Workforce Monitoring and uncovering Cheating. 
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Go to Phone Monitoring Websites 



Compare Phone Monitoring Software 



'BlackBerry, 



M! 003300 



NOKIA 

symbian 



it ,' Windows 

Mobile 



Some commercial versions 
don't require rooting of the phone. 



* iPhones need to be jailbroken. 



So what does it do? 



Commercial spyware may capture 



SMS activity 

Location/GPS coordinates 

Pictures 

Videos 



Inbound/outbound call logs 
Browser activity (URLs) 
E-mail 

Identify SIM card changes 



Interactive mode may include 



Taking pictures 
Recording videos 

Record conversations/background via calls 

Wiping the phone 

Viewing the target phone's screen 



Harvested data sent back to a server 




For example: 



^= English 



HOME ' CALLS 1 SMS ' GPS ' PHOTO 1 URLS I PHONE ' LOGOUT ' 



Call Details !!! 



Calls From: 05/23/2012 



CallsTo : 05/23/2012 



Call Type: I Ail 



Jj Keyword : 



□ 


Serial No 


Time of Call 


Phone Number 


Type Of Call 


Duration 




1 


2012-05-23 04:24:22 


-999999# 


Outgoing 


00:00:00 




2 


2012-05-23 04:23:46 


*999999# 


Outgoing 


00:00:04 


□ 


3 


2012-05-22 17:37:43 


999999 


Outgoing 


00:00:00 


□ 


4 


2012-05-22 17:18:35 




Outgoing 


00:00:26 


□ 


5 


2012-05-22 17:14:26 


57 1H ■ 


Outgoing 


00*0:11 


□ 


6 


2012-05-22 17:13:36 


*OQQQOOJi 
33 33 33 r h 


Outgoing 


00:00:16 




Delete Selected 




Download CSV 



Displaying 1 to 6 (of 6 Records} 
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Most Advanc 
Software f 



List of 
Functions 



Log Viewers 

@ Account Summary ^£ 
% Call Details 
H SBS Details 
„c» GPS Details 
I?; Url Details 
" Cell Location 
m Photo Details 
*S Phonebook 
^ Calendar Details 
*^ Call Recordings Details 

Environment Recordings 

Live Pictures 
£ Live Videos 
1 Live Functionalities 
H Settings 

Change Password 
■fll Logout 



Products 



Buy Online Stealth Club 



Logged in as Michael Robinson [Logout] 




Stealth Club > My Phones > SMS History 



List of Text Messages 



yj Account Home 

±] Add New Phone 

jj View Phones 

yj Installation Guide 

yj Blackberry Messenger 

Configurations 

jj How Spy Call Works 

2j Invoices 

2j Update Profile 

yj Change Password 

jj Logout 



yj Calls History 
yj SMS History 
yj Contacts 

yj Appointments History 

yj Internet Browsing History 

yj Bookmarks History 

yj Emails History 

yj Messenger Chat History 

yj Recent Location 

yj Location History 

yj Calls Recording History 

yj Surround Recording 

History 

jj Pictures History 
yj Videos History 



SMS His 



Phone | Phone- 1 : | SMS Type | ALL Sort By | SMS Date/Time t | Order | Descending 4 | 

Download in CSV (_) Current Page All Pages 
□ Ty pe Sender Recipient SMS Text 




□ 


Received 




57i^^H 


Hottie Jt^^^ 


2012-05-22 
21 :45:25 


□ 


Sent 




703^^H 


Test received 


2012-05-22 

17:18:12 


□ 

□ 


Received 
Sent 




57'i^^B 


Su perdu pert est 
I 


2012-05-22 
17:17:44 

2012-05-20 
21 :51:01 


□ 


Received 




57'i^^H 


Hey. Guess where I am? 


2012-05-20 
21 45:41 


□ 


Sent 






I 


2012-05-20 
16:01 :35 


□ 


Received 




57'i^^B 


Thanks. What is the plan for tonight? 


2012-05-20 
16:01:10 


□ 


Sent 


57 J 






I 




2012-05-20 
16:01:14 


□ 


Sent 


57 






2012-05-20 
1556:36 




l^ceived 


80 






2012-05-20 
13:51 :46 


□ 


Sent ^ 




List of Functions 




2012-05-20 
13:21 :41 


□ 


Received 


80 




2012-05-20 
13:05:46 


□ 


Sent 


57 






2012-05-20 
13:04:50 
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2012-05-16 




SPY Bubble"" 

I / Truth Exposed 




HOME ' CALLS ' SMS ' GPS ' PHOTO I URLS I PHONE 1 LOGOUT ' 



Live Photos Details 

From: 05/23/2012 



TO! OS/23/2012 




1337672867 jpg 
2012-05-22 
00:47:42 



Delete Selected 



□ lp- 
1337648244 jpg 
201 2-05-21 
17:57:02 



Displaying 1 to 1 [of 2 Records} 
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Secure 




Data 




Backup and 




Remote 




Wipe 


Download Now 





Log Viewers 

@ Account Summary 
# Call Details 

SMS Details 
,ie» GPS Details 
g LH Details 

Cell Location 



Live pictures 



Any Question? 



Stealth Club > My Phones > Location History 



Logged in as Michael Robinson [Logout]! 



2j Account Home 

2j Add New Phone 

>j View Phones 

>j Installation Guide 

2j Blackberry Messenger 

Configurations 

2j How Spy Call Works 

►j Invoices 

_>j Update Profile 

yj Change Password 

jj Logout 



C.IIFht 



yj Calls History 
yj SMS History 
hj Contacts 

2j Appointments History 

2j Internet Browsing History 

yj Bookmarks History 

*] Emails History 

jj Messenger Chat History 

2j Recent Location 

2j Location History 

yj Calls Recording History 

yj Surround Recording 

History 

yj Pictures History 
yj Videos History 



Camp 



yj Access Tracker 
yj Bookmarks History 
yj Emails History 
yj Internet Browsing History 
yj Keystroke Logs 
yj Location History 
yj MSN Chat History 
yj Screenshot History 
yj Skype Call Recording 
yj Skype Chat History 
yj Surround Recording 
History 

yj YAHOO Chat History 



Location 



Starting From 



| Phone- 1 t ] 2012-05-19 
M Show empty/unavailable location records 



2012-05-22 



Show | 



Download in CSV (•) Current Page • • All Pages 



| Download 
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^ — — — 
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[ ^3 
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Springfield 

POWERED BY i 2 mi 



Google 



ip 

a. 



Lincalnia 



■Shiriington 
North Ridge 



Seminary 
Hill 

Taylor Run 

(24?) 



Huntington 




Old Town 
West 



Alexandria ■ v o Q V 



•Jaw 



To get the address of a location, click the certain marker on above map. 



□ 




Date 


Phone 










□ 


1 


2012-05-20 21 35:43 


571 




□ 


2 


2012-05-20 21 47:43 


571 




□ 


3 


2012-03-2016:17:26 


571 




□ 


4 


2012-05-20 16:09:27 


571 




□ 


5 


2012-05-2016:01:28 


571 




□ 


6 


2012-05-20 15:53:27 


571 




□ 


7 


2012-05-20 15:45:27 


571 




□ 


9 


2012-05-20 15:37:26 


571 


I 


□ 


9 


2012-05-20 15:29:26 


571 




□ 


10 


2012-05-2015:21:26 


571 




□ 


11 


2012-05-2015:13:26 


571 




□ 


12 


2012-05-20 15:05:24 


571 




□ 


13 


2012-05-20 14:57:25 


571 




□ 


14 


2012-05-20 14:49:23 


571 




□ 


15 


2012-05-2014:41:23 


571 




□ 


16 


2012-05-20 14:33:23 


571 





Latitude 
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Longitude 



36 03569444444444 
36 03569444444444 

38.86923611111111 




.14902777777777 
14902777777777 
■77.0493l||5555555 



GPS Coordinates 
(Actually cell phone towers^ 



38.801180555555554 



-77.17333333333333 
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MONITORING 

for Software 
Mobile Phones 
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Listen Phone Surro 



Track Current I 



Monitor Text M 



mEM Vi ew Web Histo ry 



Stealth Club > My Phones > Calls Recording History 



Logged in as Michael Robinson [Logout] 




Logged in as Michael Robinson [Logout] 



jj Account Home 

2j Add New Phone 

jj View Phones 

2j Installation Guide 

2j Blackberry Messenger 

Configurations 

yj How Spy Call Works 

yj Invoices 

2j Update Profile 

ij Change Password 

>j Logout 



jj Calls History 
yj SMS History 
jj Contacts 

yj Appointments History 

ij Internet Browsing History 

yj Bookmarks History 

yj Emails History 

yj Messenger Chat History 

yj Recent Location 

yj Location History 

yj Calls Recording History 

yj Surround Recording 

History 

yj Pictures History 
yj Videos History 



Phone I Phone- 1 i | Observed Number | ALL £ | Sort By | Stealth Date/Time i | Order | Descending i \ | Show | 

Q Select All/ Deselect All 





□*> 




□*) 


Number: 7C3£^| 


Number: 7C3^| 


Number: 571 


Number: 


2012-0S-22 17:t 


2012-05-21 17:5 


2012-05-20 15:5 


2012-05-20 13:4. 


Number: 41Q£^| 
2012-05-2013:40:32 





Delete Selected Download Selected 

How to playthese recordings? 



Recorded phone calls 



Alerts can be sent to a monitoring phone via SMS 
directly from target or from the website. 




Commands can be sent to the target phone 
via the observing phone or website. 




Principle differences between 
malware and commercial versions: 



Attack vector 
(delivery method) 

Logging 



Installation 

• Physical access: required. 

• Android rooting: not always required. 

• iPhone Jailbreaking: required. 

• Internet connection: required. 

• Ability to install apps from unknown 
sources.: required 

• Device may need to be rebooted. 




The BIG question: 



How do you know if you've been PWN'd? 



You wouldn't know, would you? 
Spyware is "undetectable." 



Q: Will other people know that SpyBubble is installed or running on the mobiles I 
provide them with? 

A: No, there is no icon or symbol that shows the status of SpyBubble on the screen of the 
mobile. 



Will users know MobiStealth is installed or running? 

Mo bi Stealth uses the latest innovations in mobile monitoring to keep your monitoring safe and secure. There are no indications that MobiStealth is 
running while it is active. It runs in completely stealth mode. 



Will users know Mobile Spy Is installed or running? 

Mobile Spy uses the latest innovations in mobile monitoring to keep your monitoring safe and secure. 
There are no indications that Mobile Spy is running while it is active. The program has no entries in the 
User Menu, and its files are extremely discreet. Best of all, when Mobile Spy is running, there is NO 
entry for it in the Task Manager. So it is your responsibility to notify any user they are being monitored. 



Here's what we did: 



We forensically examined smart phones 

infected with different 
commercial spyware products. 




HTC Wildfire S (rooted) 

on T-Mobile 



LG Optimus Elite 
on Virgin Mobile 

LG Optimus V 
on Virgin Mobile 

Samsumg Galaxy Prevail 
on Boost/Sprint 

Apple iPhones 4s (jailbroken) 

on T-Mobile 
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SPY SOFTWARE FOR SMARTPHONES 
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Revealing Secrets Since 2005 



Call Us! 

U3A:(1)646-24<W063 
UK: {44} 207-979-7126 



PRODUCTS SUPPORT ' QUICK BUY 

al Disclaimer 




LEGAL DISCLAIMER 

Get the facts and understand your liability 




Flexispy Ltd. Full Legal Disclaimer 

Updated £011 

In some areas it may be a Federal or State offense to install software onto a phone you do not own, without the owners awareness & 
consent. We do not condone the use of our software for any illegal purpose. By purchasing, download or using our software in any 
way, form or fashion, you acknowledge & approve the following; 

1 . You represent that FlexiSPY will be used exclusively in a lawful manner. If you're in doubt as to the legality of your planned usage 
we require you consult with a registered attorney for the jurisdiction where you intend to use FlexiSPY. 

2. You acknowledge you own the mobile phone you will install the software on, or have consent from the owner to administrate the 
device & install software onto it. 

3. FlexiSPY ltd will never release any of your private information or account data for any reason whatsoever, EXCEPT under threat of 
legal action or court order. If you use our software to commit a crime & a warrant or subpoena for records is issued by court order 
as part of an ongoing investigation, we are legally bound to comply. This may include the release of purchase information or other 
customer data as ordered by a judge. 

4. You acknowledge that you are solely responsible for how you use the software, & for complying with all relevant laws in your area. 
You also acknowledge that neither FlexiSPY ltd, nor any of its agents, affiliates, directors, employees & associates may be held 
liable, responsible or accountable for any type of damage, litigation or other legal action, which may arise either from your legal or 
illegal use of FlexiSPY software, websites, or any other software & under no circumstances will you be eligible for any form of 
compensation from the aforementioned. 
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End User License Agreement 



End User License Agreement (Ell LA) 

It may be a federal and/or state offense to install monitoringjsurveillance software onto a Phone/Computer which you do not own or have proper 
authorization to install. It may also bean offense in your jurisdiction to monitor the activities of other individuals. Check all state, federal and local 
laws before installing any Monitoring Software such as Mobistealth. You may also have to notify a person that they are being monitored If they are 
over age 18- . Federal or local law governs the use of some types of software; it is responsibility of the user to follow such laws." 

The Computer Fraud and Abuse Act TCFAA". 16 U.S.C. $ 1030) 

In Section 1030(g), CFAA provides that "[a]ny person who suffers damage or loss by reason of a violation of this section may 
maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable rolief," 1& U.S.C, 
1030(g). CFAA defines "damage" as "any impairment to the integrity or availability of data, a program, a system, or information." Id. at 
§ 1030(e)(8). CFAA defines "loss" as "any reasonable cost to any victim, including the cost of responding to an offense, conducting a 
damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue 
lost, cost incurred, or other consequential damages incurred because of interruption of service." fd. al§ 103Q(e)(11). 

*lt is the responsibility of the service user to determine, and obey, all applicable laws in their country and/or local jurisdiction regarding the use of 
the software and services. The software and service is intended to provide the Licensee with the ability to capture, store and control their own 
access to information. 

installing Mobistealth, you represent that Mobistealth will be used in only a lawful manner. Logging other people's Cell Phone or Computer data or 
installing Mobistealth on another person's Phone/Computer without their knowledge can be considered as an illegal activity in your country. 
Mobistealth assumes no liability and is not responsible for any misuse or damage. It is the final user's responsibility to obey all laws in their country 
and/or State 

Regardless of the slate, It Is almost always illegal to record a conversation to which you are not a party, do not have consent to tape, 
and could not naturally overhear, Federal law and most state laws also make it illegal to disclose the contents of an illegally 
intercepted call or communication, 

Federal law and most state laws also make it illegal to disclose the contents of an Illegally intercepted call or communication, 
We do not manage the data, nor control distribution of data, nor access personal data captured or stored on servers and databases we provide. 
We cannot, and have no responsibility to. access, recover, retrieve or read any data or information captured by Licensee or other party use of the 
software and service. The publisher and vendor make no warranty, assume no liability, and are not responsible in any way for any misuse or 
damage caused by using the software or services. The software user must accept all risk and liability for use. Use of the software and service 
constitutes acceptance of these terms & conditions and grants indemnification of the software supplier. All trademark, copyright images and 
word marks displayed on this website are property of their respective owners. 
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I If your mission is 
' to spy on 
someone who uses a Black Berry or 
an Android phone, a service called 
Mobistealth (left, $80 for three 
months) promises to enable you to 
monitor... 

more details *^ 
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Refund Policy 

1 . If there is any issue with functionality of Mobistealth on your Phone/Computer then we shall work with you to resolve the issue. If issue 
cannot be resoled only then a refund will be issued. Customer is required to report the issue within 10 days of purchasing Mobistealth. 

2. Customer bears the responsibility of installation of software on the target Phone/Computer that needs to be monitored. In the event a 
purchase is made under the false assumption that physical access is not needed to install the software on the target/monitored 
Phone/Computer, Mobistealth is not liable to issue any refund. 



Disclaimer: SpvBubble is a Mobile Phone Spy Software, basically designed for monitoring your spouse, children or employees having Smartphone. Either you should own the 

phone or you should have permission to monitor from the user of 7 smartphone. 

If you fail to comply, depending on federal and state laws, you could be breaking the law. The SpyBubble will allow you to monitor Mobile phones as a tool MOT for illegal 

purposes. Use only at your discretion. The use of the software is done at your own discretion and risk and with agreement that you will be solely responsible for any 
damage to your Mobile or loss of data that results from such activities. No advice or information, whether oral or written, obtained by you from us or from the SpyBubble 

web site shall create any warranty for the software. In addition, you agree to hold harmless the publisher and authors personally and collectively for any losses of 
relationships, capital (if any) that may result from the use of this application. Your use of SpyBubble like other software agreements,, indicates your acceptance of these 

disclaimers. 



NOTE : AW trademarks on this site are property of their respective owners. These companies are not affiliated with SpyBubble.com in any way. Mentioned trademarks are 
used solely for the purpose of describing phone and carrier compatibility for our mobile phone spy software. 



User Legal Agreement 

Information regarding our products and services. 



All users are required to accept these terms as well as the terms located on the Legal Information page when creating 
your account and upon purchase. 

It is a federal and state offense to install surveillance software onto a device which you do not have 
proper authorization, 

We absolutely do not condone the use of our software for illegal purposes. 

In order to purchase our software you MUST agree to the following conditions. 

1 . You acknowledge and agree that you own the device you will install the software onto OR that you have the 
expressed written consent of the owner to be an authorized administrator of the device and its users. 

2. If you install our software onto a phone which you do not own or have proper consent, we wiil cooperate 
with law officials to the fullest extent possible. This includes turning over requested customer data, and any 
other purchase/product related information. 

3. You agree that you will check all local, state and federal laws to make sure you are complying with all laws 
in your region. It may be illegal in your region to monitor other individuals on your own device. You will never 
monitor any adult without their valid permission. 

4. You agree to the conditions in our EULA (End-User License Agreement). This includes the fact that we are 
not liable for any type of damage, litigation, or legal predicaments that may arise due to use or abuse of Mobile 
Spy or any other product. 

5. All logs are subject to deletion after thirty (30) days for maintenance purposes. 
© 2002-201 1 Retina-X Studios, LLC. All rights reserved. 




End User License Agreement 

NOTICE TO USER: PLEASE READ THIS CONTRACT CAREFULLY. BY USING ALL OR ANY PORTION 
OF THE SOFTWARE YOU ACCEPT ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT 

1. The user hereby undertakes to use the software responsibly and obey all applicable laws in which ever 
jurisdiction the software is operating. 

2. The user understands that the Server side data is held for the purposes of downloading to their own 
systems and that this should be done on a regular basis and at least every seven (7) days. If data is not 
downloaded within this period Spyera reserve the right to permanently delete it. 

3. The user explicitly indemnifies Spyera for any harm financial or by reputation that may arise as a result of 
the misuse of this software. 

4. Intellectual Property Rights. The Software and any copies that you are authorized by Spyera to make are 
the intellectual property of and are owned by Spyera Software LLC [Hong Kong}. The Software is protected 
by copyright, including without limitation by international treaty provisions and applicable laws in the country 
in which it is being used. You may not copy the Software, you may however transfer the license from one 
phone to another providing the original device is first deactivated. You agree not to modify, adapt or 
translate the Software. You also agree not to reverse engineer, decompile, disassemble or otherwise 
attempt to discover the source code of the Software without the express written permission of Spyera . This 
Agreement does not grant you any intellectual property rights in the Software. 

5. Transfer. You may not rent, lease, sublicense or authorize all or any portion of the Software to be copied 
onto another users phone except as may be expressly permitted herein. You may, however, transfer all your 
rights to use the Software to another person or legal entity provided that: 

fa) you also transfer this Agreement to such person or entity: 

fb) you retain no copies, including backups and copies stored on a computer; and 

fc} the receiving party accepts the terms and conditions of this Agreement and any other terms and 
conditions upon which you legally purchased a license to the Software. 

€. It is the responsibility of the user of Spyera to ascertain, and obey, all applicable laws in their country in 
regard to the use of Spyera for "sneaky purposes' If you are in doubt, consult your local attorney before 
using Spyera. By downloading and installing Spyera, you represent that Spyera will be used in only a lawful 
manner. Logging other people's SMS messages & other phone activity or installing Spyera on another 
person's phone without their knowledge can be considered as an illegal activity in your country. Spyera 
assumes no liability and is not responsible for any misuse or damage caused by our Software. It's final 
user's responsibility to obey all laws in their country, By purchasing & downloading Spyera, you hereby 
agree to the above. 
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URL history 

Title: FlexiSPY Product Download 

URL: http://djp.cc 

Cookie 

Name: JSESSIONID 
Domain: djp.cc 

Search of physical dump 

http://djp.cc/checkkeyPkey 
Submit=Download.FSXGAD_2.03.3.apk/mnt/sdcard/download/ 
FSXGAD_2. 03. 3. apkapplication/vnd. android. package-archive 
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\download\FSXGAD_2.03.3.apk 
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.bookmark_thumb1 
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A couple of glitches... 

On the version we tested, we noticed: 

• Messages appeared periodically that "unknown" obtained 
"superuser access." 

• The software didn't always launch on reboot. 

• On CDMA phones, stealthy messages sent to the target 
phone appeared to the user, i.e., they were not stealthy. 

• Stealthy phone calls did not work on CDMA phones. 
Note: A new version of the product has since been released. 
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B-P^ dropbox 
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/data/system/usagedata/usage-20120207 
contains a reference to: "com. android. insecurity" 
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WARNlNG/smscommandHel per (2016) : ==current settings== 
WARNlNG/smscommandHel per (2016) : start capture: Yes 
WARNlNG/smscommandHel per (2016) : Events :call 1 og , SMS , Emai 1 , IM 
WARNlNG/smscommandHel per (2016) : Timer :lhour 
WARNlNG/smscommandHel per (2016) : Max Event: 10 
WARNiNG/smsobserver (2017) : regi sterobserver # refid: 



WARNlNG/serviceManager(2017) : 
WARNlNG/serviceManager (2017) : 
WARNING/Ser vi ceManager (2017) : 



: enabl eCaptureEmai 1 # ENTER ... 
: enabl ecapturelm # ENTER ... 

_____ _____ ,i : di sabl eCaptureLocati on # ENTER ... 

WARNlNG/GpsTr acki ng(2017) : disable # ENTER ... 
WARNiNG/EventDatabaseManager (2017) : countTotal Events # type_call: 0, type_sms: 0, 

type_location: 0, type_im: 0, type_system: 2, 
WARNlNG/EventManager (2017) : processNumberof Events # Number of events: 2 / 10 
WARNiNG/socketstmcsms(2067) : Found a new sms 
WARNING/Socketstmcsms(2067) : SMS command is detected I -> H ide 

WARNING/SmsCommandManager (2016) : pr o cesssmscommand # +15712^ H : <*#1Q><0610776_ 

WARNiNG/socketstmcsms(2067) : Forward sms: false 

WARNiNG/EventDatabaseManager (2017) : countTotal Events # TYPE_CALl_: 0, TYPE_SMS: 

TYPE_LOCATION: 0, TYPE_IM : 0, TYPE_SYSTEM : 

WARNlNG/EventManager (2017) : processNumberof Events # Number of events: 3 / 10 
WARNING/Socketstmcsms(2067) : is Enable: true, Edition: PROX 
WARNING/Socketstmccall (2067) : |5PTT_f!_7^ 



type_email: 0, 
Total : 2 



0, 
3, 



TYF 
TOt 



um, LU I L I UM. MkUA 

t Monitor Number: "+1571 _ 
et Monitor Number: "+15712 
sendResponse # response: 

all" : Yes ,+15712 



Hidden SMS command: 
<*#50> 
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WARNiNG/socketstmcsms(2067) : s 
WARNING/Socketstmccal 1 (2067) : 
WARNlNG/smscommandHel per (2016) 
WARNlNG/smscommandHel per (2016) 
WARNlNG/smscommandHel per (2016) : ca 

per (2016): WL status :Di sab 
(2067): set keyword#l: 1 
(2067): set keyword#2: "" 
Manager (2017) : countTotal Events 

V " TYPE_I_ OCATIQN : 

(^Z) 
_(206>* 

WARNING/Socketstmcsms(2067) 



3. 3] [10] OK 



Confirmation of 
response sent to 
remote system 



# type_call: 
type_im: 0, 

U_i____l_____fi_______i___i_i 



0, TYPE_SMS: 
TYPE_SYSTEM : 
i____________^________i 



type_email: 0, 
Total : 4 



Found a new sms 

sms command is detected I -> Hide 
Forward SMS: false 
.16): processsmscommand # +1571_^B 



<*#50><0610776l 



WARNiNG/smscommandManager (2 
WARN I N G / E ve nt Dat ab as eM an ag e 

TYPE_LOCATION: 0, TYPE_IM : 0, TYPE_SYSTEM : 5, Total: 5 

WARNiNG/socketstmcsms(2067) : isEnable: true, Edition: prox 

WARNlNG/EventManager (2017) : processNumberof Events # Number of events: 5 / 10 



■><1 . , Oxd> 



WARNING/Socketstmccal 1 (2067) 
WARNlNG/socketstmcsms(2067) 
WARNING/Socketstmccal 1 (2067 
WARNING/Socketstmcsms(2067) 
WARNING/Socketstmccal 1 (2067 
WARNING/Socketstmcsms(2067) 
WARNING/Socketstmccal 1 (2067 
WARNlNG/socketstmcsms(2067) 
WARNING/Socketstmccal 1 (206 
WARNING/Socketstmcsms(2067) 
WARNlNG/socketstmcsms(2067) 
WARNING/Socketstmcsms(2067) 



E 



isEnable: true, Edition: prox 
isEnable: true, Edition: prox 

IsEnable: true, Edition: P. 
set Monitor Number: "+1571 . 

set Monitor Number: "+1571 
set Monitor Number: "+1571 

isEnable: true, Edition: prox 
isEnable: true, Edition: prox 
__________p__i_i_____- 




set keyword#l: "" 
set Monitor Number: "+15713 
WARNING/Socketstmccall (2067) : set Monitor Number: "+15711 
WARNiNG/socketstmcsms(2067) : set keyword#2: "" 



Software version 
PROX 




WARNlNG/smscommandHel per (2016) : ==current setti ngs== 
WARNlNG/smscomraandHel per (2016) : start capture: Yes 
WARNlNG/smscommandHel per (2016) : Events :call log,SMS,Em. 
WARNlNG/smscomraandHel per (2016) : Timer :lhour 
WARNlNG/smscommandHel per (2016) : Max Event: 10 
WARNiNG/smsobserver (2017) : regi sterobserver # refid: 



WARNlNG/serviceManager(2017) : 
WARNlNG/serviceManager(2017) : 
WARNING/Ser vi ceManager (2017) : 



: enabl eCaptureEmai 1 # ENTE 
: enabl ecapturelm # ENTER . 

_____ _____ , : di sabl eCaptureLocati on # ENTER ... 

WARNlNG/GpsTr acki ng(2017) : disable # ENTER ... 

WARNiNG/EventDatabaseManager (2017) : countTotal Events # type_call: 

type_locatiqn: 0, type_im: 0, 

WARNlNG/EventManager (2017) 
WARNlNG/socketstmcsms(2067 
WARNING/Socketstmcsms(2067 
WARNlNG/smsCommandManager ( 
WARNiNG/socketstmcsms(206~ 



/d a ta/m i sc/d m/f x . I og 



ATTRIBUTION! 

Hidden SMS command & 
Registration Number 





type_email: 
Total : 2 



J: " Found a new SMS 








1: sms command is detected' -> Hide^^ 








#316) : pro cesssmscommand # +1571_^^^B 


|: <*#10xO610776_B 


^Bx+1571_^H 


■xD> 



06:23:56.263 
06:23:56.299 
06:23: 56. 306 




WARNiNG/EventDatabaseManager (2017) : countTotal Events # TYPE_CAl_l_: 0, TYPE_SMS: 0, TYPE_EMAll_ : 

TYPE_LOCATION: 0, TYPE_IM : 0, TYPE_SYSTEM : 3, Total: 3 

WARNlNG/EventManager (2017) : processNumberof Events # Number of events: 3 / 10 
WARNiNG/socketstmcsms(2067) : isEnable: true, Edition: prox 
WARNiNG/socketstmccall (2067) : IsEnable: true, Edition: prqx 
WARNiNG/socketstmcsms(2067) : set Monitor Number: "+1571 _ 
WARNiNG/socketstmccall (2067) : set Monitor Number: "+15712 

WARNlNG/smscommandHel per (2016) : sendResponse # response: 166 2. 03. 3] [10] OK 
WARNlNG/smscommandHel per (2016) : ==current setti nqs== 
WARNlNG/smscommandHel per (2016) : cal 1 : Yes ,+15712 
WARNlNG/smscommandHel per (2016) : WL status : Di sab I e 
WARNiNG/socketstmcsms(2067) : set keyword#l: 1 
WARNING/Socketstmcsms(2067) : set keyword#2: "" 

WARNiNG/EventDatabaseManager (2017) : countTotal Events # TYPE_CAl_l_ : 0, TYPE_SMS: 0, TYPE_EMAIL : 

TYPE_LOCATION: 0, TYPE_IM : 0, TYPE_SYSTEM : 4, Total: 4 

WARNlNG/EventManager (2017) : processNumberof Events # Number of events: 4/10 
WARNiNG/socketstmcsms(2067) : Found a new sms 
WARNING/Socketstmcsms(2067) : SMS command is detected I -> Hide 
WARNING/Socketstmcsms(2067) : Forward SMS: false 

WARNlNG/smscommandManager (2016) : or ocesssmscommand # +1571_^H___B : <*#5Dx0610776^M^H><1 , . 

~ = ~ — ntTotal Events # TYPE_CAl_l_: 0, TYPE_SMS: 0, TYPE_EMAIL : 
E_LOCATION : , TYPE_IM : , TYPE_SYSTEM : 5 , Total : 5 

true, Edition: prox 

erof Events # Number of events: 5 / 10 



ATTRIBUTION! 

Monitoring 
number 



UO . __■■+ . UU. __■■+ U 

08:24:00. 334 
08:24:00.429 
08:24:00.46 5 
08:24:00.466 



0XD> 
0, 



i _.h_k h j_ in ij / Of u _. r_ _: L Of L I II _. Of I ll_J ^ £.\J _l i- J 

WARNlNG/socketstmcsms(2067) 
WARNING/Socketstmcsms(2067) 

WARNiNG/socketstmccall (2067) : set Monitor Number 
WARNiNG/socketstmcsms(2067) : set keyword#2 



■_._!_ ItEywcr 

set keyword#l 
set Monitor Number 



true, Edition: prox 
true, Edition: prox 
true, Ec 
r^*T_i_J4jjber| "+15712 
or Nu^fbeJ: "+1571J 
r Numberl "+1571_f~ 
or NumbehiH_________________ 

true, Edition: prox 
true, Edition: prox 
d#l: "" 



/data/misc/dm/logcat 




_J log cat - Notepad 



File Edit Format View Help 



connecti vi tyservi ceC 167): getMobileDataEnabled returning trueD/ 
connectivi tyservi ceC 187): getMobileDataEnabled returning truei/ 



Tel ephonyRegi stryC 187) 
Tel ephonyRegi stryC 187) 
Tel ephonyRegi stryC 167) 
connecti vi tyservi ce( li 0- getMobileDataEnabled returning trueD/ 
connecti vi tyservi ce( 11 T ) : getMobileDataEnabled returning truei/ 



notifyDataConnecti on : state=l i sDataConnecti vi tyPossi bl e=true reason=tr 
notifyDataconnecti on() state=li sDataconnecti vitypossi bl e()true , reason 
broadcasiDa^^onne^^^nSt^^C^^ 



Acti vityManager ( 187): start proc com. androi d. browser tor broadcast com. androi d. browser/. htc. uti 
Tel ephonyRegi stryC 187) 
Tel ephonyRegi stryC 187) 
Tel ephonyRegi stryC 167) 



getMobileDataEnabled: true 



1015, 2001}!/ 



notifyDataconnecti on : state=2 i sDataconnecti vi tyPossi bl e=true r eason=si mLoaded i nterf aceName=rmnetO networkType=8D,/ 
notifyDataconnecti onC) state=2i sDataconnecti vi tyPossi bl eOtrue , reason=si mLoadedD/ 

broadcastDataConnecti onstatechangedC) state=CONNECTEDtypes=def ault , supl , admi n , dun , hi pri , i nterf aceName=rmnetOD/ 



statusBarservi ceC 265): updateicon si ot=data_connecti on index=16 viewmdex=12 ol d=statusBariconCpkg=com. androi d. systemui i d=0x7f 020073 level=0 vi si bl e=f al se num=0 ) 
i con=statusBar lconCpkg=com. androi d. systemui i d=0x7f 02006c level =0 visible=true num=0 )v/ 

Notif i cati onser vi ceC 187): chargi ng. . . d/ 

StatusBarservi ceC 285): old notification: when=1329526736034 ongoi ng=f al se expanded=andr oi d. wi dget . Li nearl_ayout@405e5988 contentvi ew=androi d. wi dget. Remotevi ews@405eledOD/ 
statusBar ser vi ceC 285): new notification: when=1329526768909 ongoi ng=fal se contentvi ew=androi d. wi dget. Remotevi ews@40 5ala88v/ 
Notif i cati onser vi ceC 187): chargi ng. .. D/ 

StatusBarservi ceC 285): old notification: when=1329526768909 ongoi ng=fal se expanded=andr oi d. wi dget . Li nearl_ayout@4058d4b8 contentvi ew=androi d. wi dget. Remotevi ews@405ala88D/ 
statusBarservi ceC 285): new notification: when=1329526769056 ongoi ng=fal se contentvi ew=androi d. wi dget. Remotevi ews@40 577 568D/ 
connecti vi tyservi ceC 187): connecti vitychange for mobile: CONN ECTE D/co NNECTEDD/ 
connecti vi tyservi ceC 187): adding dns 10.177.0.34 for mobileD./ 
connectivi tyservi ceC 167): adding dns 10.168.191.116 for mobilev/ 
connecti vi tyservi ceC 187) :ililllP«liPllWtllnpmi^i^^^^^^^^^^H 
LocationManagerServiceC 181): connecti vitychange for mobi 1 e : CONNECTEDD/' 

StatusBarservi ceC 285): upcW^WW^^Wg^HBW^^^Wff^WHW^^^WWWWP^^ol d=statusBar lco | |ue num=0 ) 

i con=statusBariconCpkg=com. android. systemui i d=0x7f 0200cc level =0 viffl^ 

StatusBar servi ceC 285): updateicon si ot=data_connecti on index=18 viewlndex=12 ol d=statusBarlconCpkg=com. androi d. systemui i d=0x7f 02006c level =0 visible=true num=0 ) 
i con=statusBariconCpkg=com. androi d. systemui i d=0x7f 0200a7 level =0 visible=true num=0 )i/ 

Acti vityManager C 187): start proc com. si acker . radi o for broadcast com. si acker . radi o/com. si acker . servi ce. si ackerRadi oservi ce$ExternalMedi aRecei ver : 
pid=1110 uid=10009 gids={3003, 1007, 1015}V/ 



Confirmation of 
Connection 



/data/misc/dm/logcat 




_J log cat - Notepad 



File Edit Format View Help 



connecti vi tyservi ceC 167): getMobi 1 eDataEnabl ed returning trueD/ 
connecti vi tyservi ceC 187): getMobi 1 eDataEnabl ed returning truei/ 

Tel ephonyRegi stryC 167): notifyDataConnecti on : state=l i sDataConnecti vityPossi bl e=true r eason=trySetupDataDeni ed i nterf aceName=nul 1 networkType=8D/ 
Tel ephonyRegi stryC 167): notifyDataConnecti on() state=li SDataConnecti vityPossi bl eOtrue , reason=trysetupDataDeni edD/ 

Tel ephonyRegi stryC 167): broadcastDataConnecti onstatechangedO state=CQNNECTlNGtypes=def ault , supl , admi n , dun , hi pri , i nterf aceName=nul 1 D/ 
connect i vi tyservi ce( 167): getMobi 1 eDataEnabl ed returning trueD/ 
connecti vi tyservi ce( 167): getMobi 1 eDataEnabl ed returning truei/ 

Acti vityManager C 167): start proc com. androi d. browser for broadcast com. androi d. browser/, htc. uti 1 . HTCBrowserCustomi zati onchangeRecei ver : pid=1054 uid=10Q50 gids={3003, 1015, 2001}!/ 



Tel ephonyRegi stryC 167) 
Tel ephonyRegi stryC 167) 
Tel ephonyRegi stryC 167) 



notifyDataConnecti on : state=2 i sDataConnecti vityPossi bl e=true r eason=si mLoaded i nterf aceName=rmnetO networkType=8D,/ 
notifyDataConnecti onC) state=2i sDataConnec 

broadcastDataConnecti onstatechangedC) sta |\ A s^. is* t 4- vi is* rr- s-* 4- \s* s-\ is> r- is>\ tis^s-^s- 



statusBarservi ceC 265): u^y^^ 



iata_connecti on index=16 vi 



on=statusBar lcohlpkg=com. a ndroi 
Notif i cati onser vi ceC 1671: chargi ng. . . d/ 

(hen=1329526736D34 ongoin 



Monitoring other services, 
e.g., charging. 



evel=0 visible=false num=0 ) 



roi d. widget. Remotevi ews@405eledGD/ 



statusBarServiceC 285): 

statusBar ser vi ceC 285): new notification: when=1329526768909 ongoi ng=f al se contentvi ew=androi d. wi dget. Remotevi ews@40 5ala88v/ 
Notif i cati onser vi ceC 187): chargi ng. .. D/ 

StatusBarServiceC 285): old notification: when=1329526768909 ongoi ng=fal se expanded=andr oi d. wi dget . Li nearl_ayout@4058d4b8 contentvi ew=androi d. wi dget. Remotevi ews@405ala88D/ 

StatusBarServiceC 285): new notification: when=1329526769056 ongoi ng=fal se contentvi ew=androi d. wi dget. Remotevi ews@40 577 568D/ 

connecti vi tyservi ceC 187): connecti vitychange for mobile: CONN ECTE D/co NNECTEDD/ 

connecti vi tyservi ceC 187): adding dns 10.177.0.34 for mobileD/ 

connecti vityserviceC 167): adding dns 10.166.191.116 for mobilev/ 

connecti vi tyservi ceC 187): tetherEasEnabl ed :trueD/ 

LocationManagerServiceC 167): connecti vitychange for mobi 1 e : CONNECTEDD/' 

StatusBarServiceC 285): updatelcon si ot=phone_si gnal index=20 viewlndex=13 ol d=statusBar lconCpkg=com. androi d. systemui id=0x7f 
icon=statusBariconCpkg=com. android. systemui i d=0x7f 0200cc level =0 visible=true num=0 )d/ 

StatusBarServiceC 285): updatelcon si ot=data_connecti on index=16 viewlndex=12 ol d=statusBarlconCpkg=com. androi d. systemui id=0 



ActivityNlanager C 187) 



art proc com. si acker . radi o for broadcast com. si acker . radi o/com. si acker . ser vi ce. si a> 
d=1110 uid=10009 gids={3003, 1007, 1015}V/ 



31 



Starting process: 
com.slacker.radio 
Includes PID 



/data/misc/dm/logcat 



su. Permi ssi onsobser vi ce( 653): 
su. Perinf ssi onsobser vi ce( ^53): 
su. Permi ssi onsobser vi ce( 
su. Permi ssi onsDbservi ce( 



653) : 
V_ 

su. Permi ssi onsobser vi ce( 653): 
□ 




got cursor from su.dbD/ 



653) : 



row 46 dirty, handle itD/ 
needs deletedo/ 
delete completedo/ 



closing permissions, sql iteD/ 



Androi dRunti me(15717) 
l^ndroi dRunti me(15717) 
Androi dRunti me(15717) 
Androi dRunti me(15715) 
Androi dRunti me(15715) 
Androi dRunti me(15716) 
Androi dRunti me(15716) 
Androi dRunti me(15715) 
Androi dRunti me£L5Zl£l 



Androi dRunti ie(15716) 
Androi dRunti ie(15717) 
Androi dRuntile(15715) 



Database maintenance 



»»» Androi dRunti me start com. androi d. i nternal . os. Runti meinit «««D/ 
checkJNi is qffd/ 
□/ 

»»» Androi dRunti me start com. androi d. i nternal 
□ 

»»» Androi dRunti me start com. androi d. i nternal 
checkJNi is offd/ 

rhprlfiNT i^ nrrn/ 



calling main entry com. f x. cal 1 mgrd. cal iMgroaemon 
calling main entry com. f x. pmond. Monitor DaemonD/ 
^a^^na^Tja^^ntr^^ojii^x^ja^ 



Calls to several daemons: 

• com.fx.callmgrd.CallMgrDaemon 

• com.fx.pmond.MonitorDaemon 

• com.fx.maind.MainDaemon 



dal vikvm(15716) : Trying to load lib /data/mi sc/dm/1 i bexec. so Qx4QQ2aB2BD/ 

dalvikvm(15717) : Trying to load lib /data/mi sc/dm/1 i bexec. so 0x4QQ2aB2BD/ 

dal vi kvm(15716) : Added sharec^^^^jj|ria^a/i|^i£^dji^^j£XE£^^o 

dal vikvm(15717) : Added sharJd lib /data/mi sc/dm/1 i bexec. so ux4QQ2a626D/ 



dal vikvm(15715) : Trying to load Mb /data/ mi sc/dm/ n bexec. so ux4U02aS2SD/ 

dal vikvm(l 5715) : Added shared lib /data/mi sc/dm/1 i bexec. so 0x4002a626i/ 

Process (15717): sending signal. PID: 15717 SIG: 9D/ 

dal vikvm(15716) : GC_FO R__M AL LOC freed HOOK, 54% free 950K/2051K, external OK/OK, pi 

Process (15715): sending signal. PID : 15715 SIG : 91/ 

Process (15716): sending signal. PID : 15716 SIG: 9Df 

dalvikvmC 653): GC_EXPLICIT freed 169K, 46% free 3169K/5695K, external OK/OK, paused 5234msD/ 



Library loading: 
/data/misc/dm/libexec.so 



£2 Physical Analyzer 
File View Tools. Python Plug-ins 

i If m § # # 



Report Help 



Q Smart Phones_PDAs_Android - Method 1 
Extraction Summary 
r - Device Info 
'M Images 
i (SI ImageD (mtdD_misc.bin) 

- |9J Image 1 imtd1_recovery.bin} 

- I3l lmage2imtd2_boot.bin} 
■■(S Image3lhitd3_system.bin) 

Image4imtd4_cache.bin) 
•-|9| Image5imtd5_userdata.bin} 

§1 Image E (mtd6_devlog.bin) 
•-(a) lmage7lblkD_mmcblkD.bin) 
IS) ProcData (procdata.zip) 



Memory Ranges 




■ ImageO 




--■ Imagel 




i Image 2 




Image 3 




__ Imaged 




: Image 5 




■3=5 Imaged 




-jS Image7 




_ ProcData 


±l i j File Systems 



Analyzed Data 
■|T| Bookmarks (0) 
i-J§l Data files 
; IS] Images 

| Q Videos 

I J3 Audio 

1 □ Text 

Tags 
■f£l Reports 



All Projects 



J Hex View |_ 

A ■ 



'^Welcome X p Extraction Summary Xy ^ImageS (mtd 5 userdata.bin] X|_ 



00D6AC68 
0006ACB0 
0006AC98 
0006ACB0 
0006ACC8 
DDD6ACE0 
00D6ACF8 
00D6AD10 
0DD6AD28 
00D6AD4Q 
0006AD58 
D0D6AD70 
0006AD8 8 
0006ADA0 
00D6ADEB 
DDD6ADD0 
0006ADE8 
DQD6AED0 
0006AE18 
0006AE3Q 
00D6AE48 
0006AE60 
0006AE78 
0D06AE90 
0DD6AEA8 
QDD6AEC0 
D0D6AEDS 
0006AEF0 
00D6AF0B 
0DD6AF20 
0006AF38 
0D06AF50 
D006AF68 
D0D6AF8 
0DD6AF9B 
0D06AFE0 
00D6AFCB 
0006AFE0 



31 


37 


3A 


3 3 


33 


3A 


3D 


3 3 


2E 


32 


30 


35 


3A 


2 


57 


6 3 


65 


65 


74 


5 3 


"4 


6E 


6 3 


53 


6E 


73 


23 


3 5 


31 


3 4 


6 4 




















^3 


65 


DE 


OA 


3 


3 3 


3 A 


3 ; 


31 


2E 


31 


3 3 


3 5 


3A 


2 3 


5^ 


41 


52 


4E 


4 9 


61 


74 


61 


62 


61 


7 3 


6 5 


4E 


61 


6E 


61 


67 


65 


72 


2£ 


74 


5 4 


6F 


^4 


61 


6C 


4 5 


7 6 


6 5 


6E 


^4 


7 3 


2 


2 3 


2 


3A 


2 


31 


2C 


2 


5 4 


5 9 


5 j 


4 5 


5F 


5 3 


4E 


5 3 


3A 


2 


4E 


41 


49 


4C 


3A 


2 3' 


30 


2C 


2 


5 4 


5 9 


50 


4 5 


5F 


4C 


3 


2C 


2 


5 4 


59 


5 ; 


4 5 


5F 


4 9 


4E 


3A 


2 


3 ; 


2C 


2 


4 5 


4E 


3A 


2D 


32 


20 


20 


54 


6F 


^4 


61 


6C 


3 A 


20 


3 3 


3^ 


3A 


33 


33 


3A 


3 


31 


2E 


31 


39 


37 


3A 


20 


57 


41 


6E 


7 4 


4E 


61 




- 




6 5 


,' z 






3 4 


2 9 


JA 


2 



41 52 4E 49 4E 47 2F 53 6F 

29 3A 20 46 6F 72 77 61 72 

31 2E 33 31 2D 31 37 3A 33 

4E 47 2F 45 76 65 6E 74 44 

3B 34 29 3A 20 63 6F 75 6E 

54 59 50 45 5F 43 41 4C 4C 



sCoiruaand # + 157J ^B: 
10X0 6107 7^^^^B>< 
+ 1571^ ^?-<L>. . 31-31 
17:33:00.205: WARNING/ So 
cketStmcSms (514) : Forwar 
d SMS: false.. 01-31 17:3 
3:01.185: WARNING/ Event D 
a -abaseManager (84 ) : coun 
tTotalEvents j TYPE CALL 



□ 



6D 62 65 72 4F 66 45 76 65 6E 74 73 20 23 20 4 

20 65 76 65 6E 74 73 3A 20 33 20 2F 20 31 30 C 

37 3A 33 33 3A 30 34 2E 35 32 34 3A 20 57 41 3 

6B 65 74 53 74 6D 63 53 6D 73 28 35 31 34 29 | 
65 3A 20 74 72 75 65 



3D 31 2E 
49 4E 47 
20 49 73 
3A 20 50 
3D 36 3A 
6C 70 65 
2D 72 65 
30 5D 20 
36 3A 20 
70 65 72 
6E 67 73 
36 3A 20 
70 65 72 



33 31 
2F 53 
45 6E 
52 4F 
2 57 

72 2B 

73 70 
4" 4E 
57 41 
28 38 
3D 3D 
57 41 
28 33 



3D 36 3 A 20 57 

6C 70 65 72 23 

6B 20 61 6C 6C 

33 3A 30 34 2E 



20 31 
6F 63 
61 62 
58 0D 
41 52 
38 35 
6F 6E 
0D OA 
52 4E 
35 29 
0D OA 
52 4E 

35 2 9 

41 52 
3B 35 
20 6E 

36 38 



2C 2D 45 

37 3A 33 

6E 65 7 4 

6C 65 3A 

DA 3D 31 

4E 49 4E 

2 9 3A 2 

73 65 3A 

3D 31 2D 

49 4E 47 

3A 2 3D 

30 31 2D 

49 4E 47 

3A 20 43 
31 

4E 49 4E 

2 9 3A 2 

75 6D 62 

34 3A 20 



64 69 
33 3A 
53 7 4 
20 74 
2D 33 
47 2F 
73 65 
20 5B 
33 31 
2F 53 
3D 43 
33 31 
2F 53 
61 6C 
2D 33 
47 2F 
57 4C 

65 72 
57 41 



74 69 

30 34 
6D 63 
72 75 

31 2D 
53 6D 
6E 64 
36 36 
2D 31 
6D 73 

75 72 
2D 31 
6D 73 
6C 3A 
31 2D 
53 6D 
2 53 
0D OA 
52 4E 



2E 
43 i 
65 
31 



Image5 
(mtd5_userdata.bin) 

Deleted log data found. 



73 43 6F 
52 65 73 
2D 32 2E 
37 3A 33 
43 6F 6D 

72 65 6E 
37 3A 33 
43 6F 6D 
59 65 73 
31 37 3A 

73 43 6F 

74 61 74 
30 31 2D 
49 4E 47 



6D 6D 
70 6F 
3D 33 
33 3A 
6D 61 
74 20 
33 3A 
6D 61 
2C 
33 
6D 6D 
7 5 73 
33 31 
2F 53 



61 6E 
6E 73 
2E 33 
30 34 
6E 64 
53 65 
3D 34 
6E 64 



61 6E 
3A 57 
20 31 
6F 63 



64 48 65 

65 20 23 
5D 5B 31 
2E 36 3D 
4B 65 6C 
74 74 69 
2E 36 3D 
4S 65 6C 



64 48 65 
61 74 63 
37 3A 33 
6B 65 74 



06: WARNING/ SmsComraandHe 
lper(85) : sendRe spon.se # 
response: [66 2.03.3] [1 
0] OK.. 01-31 17:33:04.60 
6: WARNING/ SmsCommandHel 
per (85): ^=Cuirrent Setti 
ngs=. . 01-31 17:33:04.60 
6: WARNING/ SmsCommandHel 
;r (85 ) : Call : Yes, +15712 

01-31 17:33:04.6 

06: WARNING/ Sins C omnia ndHe 
lper(85): WL, Status :Watc 
h all number .. 01-31 17:3 
3:04.684: WARNING/ Socket 



M l3 1*1 1=3 Find; 



n 


Offset 


1 GtGACSS 


2 

3 




<k74103 


4 


ft(747C3 


5 


C>:2373CS 


6 


(k237AS3 





Length 



I 



Values. | |F| Bookmarks | ' ^ Highlight: [0 results] | j£ Search [1049 results] [ 



Len gth : 0x9 AB0000 Off set: 0x6 AD C7 Sel ecti o n : -0x70 



01-31 17:59:11.043: WARNING/SimChangeThread(514): verifySim ti Previous subscriber ID: 31021 
01-31 17:59:12.426: WARNING/SimChangeThread(514(: verirySim # Current subscriber ID: 3102 
01-31 17:59:12.S97: WARNING/SimChangeThread(514): verifySim # SIM is not changed.. 
01-31 IS: IS: 20. SOS: WARNING/SocketStmcSms(514): Found a new SMS.. 
01-31 1S:1S:20.S37: WARNING/SocketStmcSms(514): SMS Command is detected! -> Hide.. 
01-31 1S:1S:20.S90: WARNING/SocketStmcSms(514): Forward SMS: false.. 
01-31 1S:1S:20.909: WARNING/SmsCommandManager(S5): processSrnsCommand # +1571H 




SIM Card check 



\ <: **67><:C61C77tf 



|xD>.. 



01-31 IS: IS: 22. 7S3: WARNING/EventDatabaseManager(S4): co u ntTota I Eve nts # TYP E_CA LL: 2 r TYPE_SMS: r TYPE_EMAIL: r TYP E_LO CATI O N : 
0, TYPEJM: r TYPE_SYSTEM: S, Total: 10.. 

01-31 1S:1S:22.S09: WARNING/EventManager(B4): processNurnberOfEvents # Number of events: 10 / 10.. 
01-31 1S:1S:22.SS0: WARNING/EventManager(84): processNurnberOfEvents # Request deliver all events.. 

01-31 1S:1S:23.294: WARNING/EventDatabaseManager(S4(: cou ntTota I Eve nts # TYPE_CALL: 2, TYPE_SMS: 0, TYPE_EMAIL: 0, TYP E_LO CATI O N : 
0, TYPEJM: P TYPE_SYSTEM: S f Total: 10 

*************************************************************************************************************** 

of events: 4 / 10.. 
01-3112:29:11.059: 
01-3112:23:11.093: 
01-3112:29:11.122: 
01-3112:29:11.162: 
01-3112:29:11.205: 
01-3112:29:11.292: 
01-3112:29:11.323: 
01-3112:29:11.364: 
01-3112:29:11.364: 
01-3112:29:11.364: 
01-3112:29:11.349: 
01-3112:29:11.659: 
01-3112:29:11.716: 



WA R N I N G/ S o eke tS t m cS m s (5 S4 j^^^^^^^^^^^^^^ 

WARNING/SocketStmcSms(5S4}: Set keyword#l: 
WARNING/SocketStmcCall(5S4): IsEnable: true, Edition: PROX.. 
WARNING/SocketStmcSms(5S4): Set keyword#l: 
WARNING/SocketStmcSms(5S4): Set keyword#2: 
WARNING/SocketStmcSms(5S4): Set keyword#2: 

WARNING/SocketStmcSms(5S4): Set Monitor Number: M -KL571^^^\. 

WARNING/SmsComrnandHelper(B5): sendResponse # response: [66 2.03.3] [50] OK.. 
WARNING/SmsCommandHelper(S5}: ==Current Settings==.. 
WARNING/SmsCommandHelper(85): WL Status:] 
WARNING/SocketStmcCall(5S4): Set Monitor Number: "+157]| 
WARNING/SocketStmcSms(5S4}: Set keyword#l: 
WARNING/SocketStmcSms(5S4}: Set keyword#2: 



Spyware version 




Instructions 




01-31 17:59:11.043: WARNING/SimChangeThread(514): verifySim # Previous subscriber ID: 31021 
01-31 17:59:12.426: WARNING/SimChangeThread(514j: verifySim # Current subscriber ID: 3102 
Ql-31 17:59:12.897: WARNING/SimChangeThread(514): verifySim # SIM is not changed.. 
01-31 IS: IS: 20. SOS: WARNING/SocketStmcSms(514): Found a new SMS.. 
01-31 1S:1S:20.S37: WARNING/SocketStmcSms(514): SMS Command is detected! -> Hide, 
01-31 18:18:20.890: WARNING/SocketStmcSms(514): Forward SMS: false.. 
01-31 18:18:20.909: WARNING/SmsCommandManager(S5}: processSmsCommand # +157l| 
Jj^U&m2^&V^^ J#ffL: 2, TYPE J "5 : ~ - 11 AIL 0, TYPE_LOCATIOI . 




SMS Commands 




ATTRIBUTION! 

Controlling 
Number 




]erOfEveg^K# Number of events: 10 / 10.. 

fEvents # Request deliver all events.. 
itTota I Events # TYPE_CALL: 2, TYPE_SMS: 0, TYPE_EMAIL: 0, TYPE_LOCATION: 

******************************************************** 



of events: 4 / 10.. 

01-3112:23:11.059: 

01-3112:23:11.093: 

01-3112:29:11.122: 

01-3112:29:11.162: 

01-3112:29:11.205: 

01-3112:29:11.292: 

01-3112:29:11.323: 

01-3112:29:11.364: 

01-3112:29:11.364: 

01-3112:29:11.364: 

01-3112:29:11.349: 

01-3112:29:11.659: 

01-3112:29:11.716: 



WARNING/SocketStmcSms(5S4): IsEnable: true, Edition: PROX.. 
WARNING/SocketStmcSms(5S4): Set keyword#l: 
WARNING/SocketStmcCall(5B4): IsEnable: true, Edition: PROX.. 
WARNING/SocketStmcSms(5S4): Set keywords.: 
WARNING/SocketStmcSms(5S4): Set keyword#2: 
WARNING/SocketStrncSms(5S4): Set keyword#2: 

WARNING/SocketStrncSrns(5S4): Set Monitor Number: M -KL571^^^\. 

WA R N I N G/S m s Co m m a n d H e I p e r( 85 } ^^^^^^^^^^^^^^^^^^^^^^^^ 

WARNING/SmsCommandHelper(B5): ==Current Settings==.. 
WARNING/SmsCommandHelper(S5): WL Status:Watch all number.. 

WARNING/SocketStmcCall(5S4): Set Monitor Number: M +157]^^B".. 

WARNING/SocketStmcSms(5S4}: Set keyword#l: 
WARNING/SocketStmcSms(5S4}: Set keyword#2: 




Auto-reply 




URL history 

http://www.spybubble.com/android/adv/radio.apk 

downloads. db entry 

uri: http://www.spybubble.com/android/adv/radio.apk 
hint: radio, apk 

_data: /mnt/sdcard/Download/radio.apk 



(Phone not shipped with an SD Card.) 



SpYBubbil A couple of glitches 

\ / La Verdad Al Descubierto 1 



Outgoing call log 



#999999* 



There was an error with the operation of 
the software. 

This should not appear in the log. 



7 10:27 



SETTINGS 



This number can be changed. 
Regardless of the number, it will start 
with # and end with *. 




Physical Analyzer 



File View Tools Python Plug-ins Report Help 

H © ^ # 1 M m & $ I @ 



Q--Q Smart Phones_PDAs_Android - Method 1 
Extraction Summary 
■ |W| Device Info 
- Images 

HI lrnageDlblkD_mmcblk0.bin) 
|3| ProcData lprocdata.zip} 
©■■■^s Memory Ranges 
File Systems 
Analyzed Data 
& Jp Data files 
H Images 

■ Q Videos 

■ J^ Audio 



When SpyBubble is installed, it automatically 
sends an SMS from the target phone to the 
observer. 

This text appears in blkO_mmcblk0.bin: 
"this phone is now having Radio installed in it 
and has added you as the observer" 

This text found here is identical to the SMS 
message. The phrase appears in different 
languages before and after the English version. 



All Projects 



J Hex View |_ 



Welcome ~>T|^ Extra cti o n Su m m a ry X ) Imag eO tblkO_rn m cblkQ.bin] X~| 



a ^ .a b t 



'mm PiEiml 



2C105D00 
2C105D0E 
2C105D1C 
2C105D2A 
2C105D38 
2C105D4 6 
2C105D54 
2C105D62 
2C1D5D7 
2C105D7E 
2C105D3C 
2C105D9A 
2C105DA8 
2C105DB6 
CIO 5 DC 4 
C105DD2 
C105DE0 
C105DEE 
C105DFC 
C1D5E0A 
C105E18 
C105E26 
C105E34 
C105E42 
C105E5C 
C105I 
ClOJ^GC 
C1^5e7A 



20 00 68 00 61 
64 00 6F 00 2 
64 00 61 00 64 
6F 00 6E 00 2 
6F 00 21 00 00 



00 6E 00 20 00 73 00 69 00 
00 67 00 75 00 61 00 72 DO 
00 61 00 73 00 20 00 63 00 
00 E9 OD 73 00 69 00 74 00 
00 55 00 48 00 69 00 2C 00 



2 : 



00 68 00 
00 6E 00 
00 6F 00 
00 6E 00 
00 6F 00 
00 6C 00 
00 20 00 
00 20 00 
00 64 00 
00 20^)0 
00 2jffD0 
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V- 






63 


00 


6 5 


CO 


2 


00 


7 


00 


6? 


00 


72 


00 


74 


OD 




e 




P 


o 


r.t . 


61 


00 
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b 
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00 
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63 
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6 J 
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. o . 
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00 


7 6 


00 
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OD 
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a.t . 
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75 
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2E 


00 
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00 


43 


OD 
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r 






X.H. 




□ 



larch [133 results] 






H □ j Find: 




Offset 


Length 


Value Sol " 


31 Hc5BDAB9C3 


OtA 


this phone 


IQ (kSBDAADEB 


fttA 


this phone 


13 {k5BttABB46 


(kA 


this phone 


! | m | ► 


^ Values IH Bookmarks Highlights Search Search [4 results] Search [133 results] | 


Len gth : OxEB E00000 Offset: 0x2 C105 D E8 Sel ecti c n : OxAO 





SPYBubble" 

l | La verdad Al Descubierto 



Q Physical Analyzer 



File View Tools Python Plucj-ins Report 



Help 



radio.apk 



Q"0 com .google .android .videos 
+ - com .google .android .voicesearcf 
B -p^- com .Ige .camera 
+ - com .locationlabs . v 3client 
E p-P^ com .paraben .service 
l^^^^onuadioadv 



El- P^ databases 

1 12 radio DB 

[j -B files 

; Q advsettings.txt 

| buddy.txt 

I Q install.txt 

! Q secret.txt 

I Qj serial.txt 

; Qj settings.txt 

B-P^ shared_prefs 
! Q| SpyPrefsjonl 



Q-P^ com .sprint .zone 
B-p 31 - com . swype. android .inputmethod 
B -p^ com .telespree .android .client 
ijl-B dontpanic 
+ - local 
B-P^ 1 misc 
ij-E property 
B -p^ system 
(j) -E tombstones 
Q EFS_CRC.txt 
Qj emmc_storage.log 



| Hex View | File Infc 
H * ■ ■ 



radioDB X Kad vsettings.txt X 



00000000 
0000000E 
0000001C 
0000002A 
00000038 
00000046 
00000054 
00000062: 
00000070 
0000007E 
0000008C 
0000009A 
000000A8 
OOOOOOBG 
000000C4 



El® w|| 




lis 


49 


6E 


43 


€1 


GC 


GC 


52 


65 


63 


GF 


72 


G4 


69 


GE 


I nC all Re c n r di n 


67 


3A 


6 5 


6E 


61 


62 


60 


6 5 


:e 


OA 


4T 


75 


"4 


43 


g : enable . . OutC 


61 


GC 
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52 


65 


63 


6T 


72 


64 


65 


6E 


67 


3A 


65 


allRecording : e 


6E 


61 


62 


60 


65 


OE 


:a 


41 


^5 


74 


6r 


4 5 


6E 


76 


liable. . AutoEnv 


52 


6 5 


63 


3A 


65 


6E 


61 


62 


60 


65 


OE 


:a 


41 


75 


Rec : enable . . Au 


^4 


6? 


4C 


6? 


7 6 


65 


53 


69 


63 


3A 


65 


6E 


61 


62 


toILivePic : enab 


6C 


6 5 


OE 


OA 


41 


7 5 


^4 


6r 


40 


6 5 


"6 


6 5 


56 


69 


le. . Ant oIj i veV i 


64 


6 5 


£T 


3A 


65 


6E 


61 


62 


60 


65 


OE 


DA 


41 


75 


deo :: enable . - Au 


7 4 


6T 


4 5 


6E 


"6 


52 


65 


63 


44 


7 5 


72 


3A 


31 


32 


toEnvRecDur:12 


3 


OE 


OA 


41 


75 


74 


6r 


4 5 


6E 


^6 


52 


6 5 


6 3 


49 


0. _ AutoEnvRecI 


6E 


74 


65 


72 


"6 


61 


60 


3A 


3 : 


2E 


35 


OE 


:a 


41 


nterval : . 5 - .A 


7 5 


74 


6? 


4C 


65 


7 6 


65 


5 I 
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63 


4 5 
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^4 
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utolivePicInte 
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^6 
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3 A 
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jE 
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41 
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^4 
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40 
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rvil : 2 . . AutoILi 


^6 


6 5 


5 6 


65 


64 


6 5 


6T 


4 5 


6E 


74 


65 


72 


"6 


61 


veVideoInterva 


tC 


3 A 


33 


OE 


OA 






















1:3. . 



1191 



# Offset 



ft Value: | Q] E 



data/data/com.radioadv 
/databases 
/files 

/shared_prefs 



t x 



_ 



Lengtn: ux^y unset: uxu z>eiecr.ion: uxu 



SPYBubble" 

l | La verdad Al Descubierto 



Q Physical Analyzer 



File View Tools Python Plug-ins Report 

m s © f # i ^ n iw $ 



Q"0 com .google .android .videos 
+ - com .google .android .voicesearcf 
B-P^- com .Ige .camera 
+ - com .locationlabs . v 3client 
E-O com .paraben .service 
ij-E com.radioadv 
B-p^ databases 
Q radio DB 
files 



■Q install .txt 
[J secret.txt 
■Qj serial.txt 
Qj settings.txt 
B-P^ shared_prefs 

■Qj SpyPrefsjtml 
fjl -P^ com .sprint .w .installer 
B-P^- com .sprint .zone 
Gjil-P 31 - com . swype. android .inputmethod 
El-E com .telespree .android .client 
ijl-B dontpanic 
+ - local 
© rnisc 
fji -p^ property 
B -p^ system 
GjD-P^ tombstones 
Q EFS_CRC.txt 
Qj emmc_storage.log 



Help 



| Hex View | File Info I 
y ^ ■ R E 



radioDE X Kad vsettings.txt X 



00000000 
OOOOOOOE 
0000001C 
0000002A 
00000038 
00000046 
00000054 
00000062, 

0000007E 
0000008C 
0000009A 
000000A8 
000000B6 
000000C4 



12 


6E 


43 


61 
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3A 


6 5 
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52 
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OD 


3A 
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3D 


OE 


DA 


41 
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74 


65 


72 


7< 
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4C 


6r 
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^6 
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^6 


6 5 


5 6 
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6- 


tC 


3 A 


33 


OE 





advsettings.txt 



|1 ^ ^ Find: 



# Offset 



Length 



Value 



f2 Values | |T| Bookmark: \ Highlights 



InCallRecording: enable 
OutCallRecording: enable 
AutoEnvRec: enable 
AutoLivePic: enable 
AutoLiveVideo: enable 
AutoEnvRecDur: 120 
AutoEnvReclnterval: 0.5 
AutoLivePiclnterval: 2 
AutoLiveVideolnterval: 3 



t x 



din 
utC 
g:e 
Env 
Ajl 
nab 
eVi 
.Au 
:12 
eel 
A 
nte 
oli 
rva 



Sourc 



Length: 0xC9 Offset: 0x0 Selection: 0x0 



SPYBubble" 

l | La verdad Al Descubierto 



Q Physical Analyzer 



File View Tools Python Plucj-ins Report 



Help 



radio.apk 



Q"0 com .google .android .videos 
+ - com .google .android .voicesearch 
B -p^- com .Ige .camera 
+ - com .locationlabs . v 3client 
GjD-P 11 ? com .paraben .service 
com.radioadv 
B-p^ databases 

1 Q radio DB 

[j -B files 



! □ 


advsettings.txt 


i 


□uddy.txt 


i 


install.txt 




secret.txt 




serial.txt 


rfr 


settings .tat L 



S-P^* shared_prefs 

! Q| SpyPrefsjonl 

EjD -E? com .sprint .w .installer 
B -P^- com .sprint .zone 
(jl-p^ com . swype. android .inputmethod 
E)"E com .telespree .android .client 
ijl-B dontpanic 
+ - local 
© rnisc 
ij-E property 
©■■(3 system 
jl-E tombstones 
Q EFS_CRC.txt 
Qj emmc_storage.log 



/* radioDB X Kadvsettings.txt X 








t x 


| Hex View | File Info I 




- [SI d 


Pimim 


IIS 



00000000 
0000000E 
0000001C 
0000002A 
00000038 
00000046 
00000054 
00000062: 
00000070 
0000007E 
0000008C 
0000009A 
000000A8 
OOOOOOBG 
000000C4 




12 


6E 


4 - 


61 


6C 


67 


3A 


6 5 


6E 


61 


61 


6C 


6C 


52 


65 


6E 


61 


62 


60 


65 


52 


6 5 


6 3 


3A 


65 


^4 


6? 


4C 


6? 


7 6 


6C 


6 5 


OE 


OA 


41 


64 


6 5 


6r 


3A 


65 


7 4 


6T 


4 5 


6E 


7 6 


3 


OE 


OA 


41 


:5 


6E 


74 


65 


72 


76 


7 5 


74 


6? 


4C 


65 


72 


^6 


61 


6C 


3 A 


^6 


6 5 


5 6 


65 


64 


tC 


3 A 


33 


OE 


OA 



6C 52 65 63 

62 GC 65 OD 

63 6F 72 64 
OE OA 41 75 
6E 61 62 6C 
65 50 69 63 
75 74 6F 4C 
6E 61 62 6C 
52 65 63 4 4 



€F 72 
OA 4F 
69 6E 
7 4 6F 
65 OE 
3A 65 
69 76 
65 OE 
75 72 



64 69 
75 74 



6E 

43 

67 3A 65 
45 6E 76 
OA 41 75 
6E 61 62 
65 56 69 
OA 41 75 
3A 31 32 



InCallRecordin 
g : enable . . ChitC 
allRecording : e 
liable. . AutoEnv 
Rec : enable . . An 
tolivePic : enab 
le. . Ant olive Vi 
deo : enable . - Au 
toEnvRecDur : 12 



settings.txt 



8 H J =3 Find: 



# Offset 



Length 



£l Values | |P| Bookmark: 4 _ Highlicjh 



TrackMode:WebCallTrack: enable 
DataTrack: enable 
LocationTracking: enable 
GPSINT: 15 
UrITrack: enable 
PhotoUpload: enable 
ContactUploachenable 
CalendarTrack:enable 



Length: 0xC9 Offset: 0x0 Selection: 0x0 



\ 

5W Bubble 

l J La verdad Al Descubierto 



/data/data/com. radioadv/files/ 



jgj Physical Analyzer 



File View Tools Python Plug-in: Report Help 



Q-E com .google .andn 
B-P 3 ? com .google .andn 
B-P 3 ? com .Ige .camera 
EjD-E com.locationlabj 
B-P^ com.paraben.s 
S-P^ com.radioadvj 
[j-B database! 

1 D radifDE 

[j-B files 

^aJsettings.txt 

5 "Ppnstall.trt 
-Q secret.txt 
■■■ Pi serial.txt 
-Qj settings.txt 
B-P^ shared_prefs 
-Q SpyPrefsjtml 
L±] -p^ com .sprint .w .installer 
B-P^- com .sprint .zone 
EjD-E' com . swype. android .inputmethod 
B-p^ com .telespree .android .client 
EjU-B dontpanic 
+ - local 
© rnisc 
ij-E property 
B-P^ system 
EjD-B tombstones 
EFS_CRC.txt 
■Qj emmc_storage.log 



ATTRIBUTION! 

buddy.txt 

Cell phone number for remote control 



00000054 
00000062 
00000070 
0000007E 
0000008C 
0000009A 
000000A8 
000000BG 
000000C4 



GC 65 OD 
64 65 6F 

74 6F 45 
3 OD OA 
6E 74 65 

75 74 6F 
72 76 61 

76 65 56 
6C 3A 33 



OA 41 75 
3A 65 6E 
6E 76 52 
41 75 74 
72 7 6 61 
4C 69 76 
6C 3A 32 
69 64 65 
OD OA 



74 6F 4C 
61 62 6C 
65 63 4 4 
6F 45 6E 
6C 3A 3 
65 50 69 
OD OA 41 
6F 4 9 6E 



69 76 65 56 69 

65 OD OA 41 75 

75 72 3A 31 32 

76 52 65 63 49 
2E 35 OD OA 41 
63 49 6E 74 65 
75 74 6F 4C 69 
74 65 72 76 61 



le. . AutoLLi^eVi 
deo : enable . - Au. 
toEnvRecDur : 12 
0. .AutoEnvRecI 
nterval : . 5 - .A 
ut oJj i ve P i c I n 3 e 
rval i 2 . . AuloTji 
veVideoInterva 
1:3. . 



|1 ^ ^ Find: 



# Offset 



Length 



Value 



Sourc 



f2 Values | |T| Bookmark: \ Highlights 



Length: 0xC9 Offset: 0x0 Selection: 0x0 



\ 

5W Bubble 

l J La verdad Al Descubierto 



/data/data/com. radioadv/files/ 



(°) | | 



View Tools Python Plucj-ins Report 

$ m ® ■■ f # I ^ s & : ^ 



radio.apk 



Q-E com .google .android .videos 
+ - com .google .android .voicesearch 
B-P^- com .Ige .camera 
+ - com .locationlabs . v 3client 
B-E 7 com .paraben .service 
ij-E com.radioadv 
B-p^ databases 





D 


radio DB 


B -B files 






■a 


advsettings.txt 




•i 


buddy.txt 






install.txt 




c 


secret.txt 






serial.txt 






settings.txt 



B-P^ shared_prefs 

! Q| SpyPrefsjanl 

B-p^ com .sprint .w .installer 
B-P^- com .sprint .zone 
4)-E com . swype. android .inputmethod 
B -p^ com .telespree .android .client 
EjU-E dontpanic 
+ - local 
© rnisc 
ij-E property 
©■■(3 system 
EjD -B tombstones 

| □ EFS_CRC.txt 

i Qj emmc_storage.log 



| Hex View | File Info I 
u ^ ■ R E 



radioDB X Kad vsettings.txt X 



00000000 
0000000E 
0000001C 
0000002A 
00000038 
00000046 
00000054 
00000062: 
00000070 
0000007E 
0000008C 
0000009A 

000000B6 
000000C4 



6E 



43 61 
65 6E 
6C 52 

62 6C 

63 3A 
4C 69 
OD OA 
6F 3A 
45 6E 



6C 6C 
61 62 
65 63 
65 OD 
65 6E 
76 65 
41 75 
65 6E 
76 52 



52 65 63 
6C 65 OD 
6F 72 64 
OA 41 75 
61 62 6C 
50 69 63 
7 4 6F 4C 
61 62 6C 
65 63 44 
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E)"B com .google .android .videos 
B-P^- com .google .android . voicesearch 
B -p^- com .Ige .camera 
EE - com .locationlabs . v 3client 
El"0 com .paraben .service 
|j"(3 com.radioadv 
EJ--B databases 

1 Q radio DB 

[j -B files 

-Q advsettings.txt 
buddy.txt 
install .txt 
-Q| secret.txt 
■■■ Pi serial .txt 
■Qj settings.txt 
B- p^ shared_prefs 

: com .sprint .vv .installer 
B -B com .sprint .zone 
4)-B com . swype. android .inputmethod 
E)-B com .telespree .android .client 
B -B dontpanic 
+ - local 
©■■■ misc 
B-P^ property 
B -p^ system 
(j) -B tombstones 

| □ EFS_CRC.txt 
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SpyPrefs.xml 



Counters including 
"Heart Beats" 
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<?xml version='1.0' encoding='utf-8' standalone='yes' ?> 
<map> 

<long name="LastCall" value="1337648857776" /> 
<long name="LastlncomingSMS" value="1337648486047" /> 
<long name="LastHeartBeat" value="1337647996962" /> 
<string name="OutCallRecordConfig">MR-l / l,l</string> 
<long name="LastURL" value="1337649293803" /> 
<long name="LastPhonebook" value="1337648219159" /> 
<long name="LastSMS" value="1337647927461" /> 
<long name="LastPhoto" value="1337648720000" /> 
<string name="lnCallRecordConfig">MR-l,l,l</string> 
<long name="LastEnv" value="1337686404056" /> 
<boolean name="State" value="true" /> 
<long name= n LastOutgoingSMS" value="1337648503040" /> 
<long name="LastHeartBeatRecorder" value="1337688158849" /> 
<long name="LastLiveVideo" value="1337681859237" /> 
<long name="LastLivePic" value="1337687259195" /> 
<long name="LastCalendar" value="1337648885027" /> 
</map> 
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EEl-P 3 ? bootimages 
Op 3 ? cache 
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& E3 mpt 

! Ql aat_resurt.txt 

i Q) enable 

| Q] MPT_Basic.bdb 

! O MPT_CommonData.db 
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acc resource info (3318) 
acc satejnfo (0) 
satellite jinfo (0) 
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telephonyjnfo (920) 
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andro\metadata (1) 
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co m.radioadv. Cam era Activity 
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at co i 
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at and roid view.Surfa ceView.d ispatchDraw(Surf ace Viewjava :3 50) 
at and roid .view.VlewGrou p.d ra wChild (ViewG roup .Java : 1644) 
at and noid .view.VlewGrou p.d ispatch Dra w( Vie wGro u p.ja va : 1373 ) 
at and roi d view.Vlew.dra w(View.java:69Q2) 
at and roid .widget. Frame Layou t dra w( Frame Layout.java :3 57 ) 
at and roid .vi ew.Vie wGro u p.drawChild (ViewG roup Java : 1646) 
at and roid .view.VlewGrou p.d ispatch Dra w( Vie wGrou p.ja va : 1373) 
at and roid .view.Vie wGrou p.drawChild (ViewG roup .Java : 1644) 
at and roid .view.VlewGnou p.d ispatch Dra w( Vie wGrou p.java : 1373) 
at and roid .view.Vie w.dra w(View.j ava : 6902) 
at and roid .widget. Frame Layout, dra w( Fr a me Lay out. java :3 57) 

at co m .a nd ro id. interna I .policy.! mpLPhoneWindow$DecorView.d raw( P h one Wind ow. java :2D3S) 

at and roid .view.Vie wRoot . dra w(ViewRoot. java :1527) 

at and roid .view.vlewRoot performTra versals( VlewHoot.ja va :1263) 

at and roid .view.vlewRoot. ha nd leMessage(ViewRoot.java : 1864) 

at and roid.os.H a n d le r.d is patch Message ( Hand I er. java :99 ) 

at and roid . os.Looper.loop ( Loo p e r.java :130) 

at and roid. a pp. ActivityThrea d. m a in( ActivityThread .java :3 683) 

at java . lang . refl ect.Meth.od .in vokeN ative{ Native Method) 

at java . lang. reflect M eth od .invoke(M ethod .java: 507) 

at co m .a nd ro id. intern a I .os.Zygotel n it$ MethodAndArgsCaller.run(Zygotelnit.java:875) 
at co m .a nd ro id. intern a I .os.Zygateinitma in (Zygote I nit Java :633) 
at dalvik.svstem.MativeStart.main (Native MetJiod) 



1337665673922 FATAL EXCEPTION: main 

java.lang.N u 1 1 Pointer Exception 

at co m .rad ioa dv.Ca me raActivity$P review, s u rfaceCh a nge d (Ca me ra Activity Java : 132 ) 
at a nd ro i d ,vi ew.Surfa ce Vi ew.u pdate Wind ow(Surfa ceVi ew.j ava : 558) 
atandroid.vi ew.Su rf a ce Vi e w.d ispatch Dra w{Su rf a ceVi ew.j a va : 3 5 0) 
atandroid.vi ew.V ie wG ro u p.d ra wCh ild ( Vie wG roup .Ja va : 1 644) 
at a nd ro i d .vi ew.V ie wG ro u p.d is patch Dra w( V ie wG ro u p.j ava : 1373 ) 
atandroid.vi ew.V ie w. d ra w( Vi ew.j ava : 6902 ) 
at android.widget.Fra ~ e Layout, draw (Frame Layout, java :3 57) 
atandroid.vi ew.V ie wG ro u p.d ra wCh ild ( ViewG roup . ja va : 1 646) 
atandroid.vi ew.V ie wGrou p.d is patch Dra w( V ie wG ro u p.j ava : 1373) 
at a nd ro i d .vi ew.V ie wG ro u p.d ra wCh ild ( ViewG roup Java : 1 644} 
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timestarnp pkg_name 

13376 2 63 73 965 corn. 5 pri nt.sp r i ntid .appstub 

1337626376487 com. buzzfeed .android 

13376 2 63 S1687 co m .f a c e b oo k. kata n a 

1337626382664 com.yelp. android 



13376 2 63 83 799 com. ma rkus.tu n i n gfork 
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1337626336662 com.virginmobile. android. live 

1337626383796 com.vfrginmobileusa.vmlive 
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URL history 

http://www.mobistealth.com/asset/mobistealthv2.apk 



downloads. db entry 

uri: http://www.mobistealth.com/asset/mobistealthv2.apk 
Hint: mobistealthv2.apk 

_data: /mnt/sdcard/download/mobistealthv2.apk 



SD Card 

\download\mobistealthv2.apk 
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Data Images 
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https ://market. android .com/detai Is? Device 
id=com.svox.pico 

https://market.android.com/detai Is? Device 
i d =exaniple.helloand raid 

https://market. android .com/detai Is? Device 
i d =com .an d roi d . p ravi ders .s ubsc ri be . . . 

https ://market. android .com/detai Is? Device 
d = : 3 m . a " d ro d . p rov d s - s .te lep hon >■ 

https ://market. android .com/detai Is? Device 
i d =com .an d roi d .wal I paper 

https ://market. android .com/detai Is? Device 
id =com. and roi d.LG Setup Wizard 

https ://market. android .com/detai Is? Device 
id=com. swype. a ndroid.in putmethod 

https ://market. android .com/detai Is? Device 
id=com and raid . packageinsta Her 

https://market. android .com/detai Is? Device 
id=com.google. android. gm 

https ://market. android .com/detai Is? Device 
id=com.and roid .wall paper, livepic ker 

https ://market. android .com/detai Is? Devic e 
id=lookOut.Secure 

https ://market. android .com/detai Is? Device 
id=com.and raid . music vis 

https://market.android.com/detai Is? Device 
i d =com .and raid . praviders.drm 

https://market android .com/detai Is? Device 
id=com. and raid, vending 

https://market.android.com/detai Is? Device 
id=com.google. android. googlequick. . . 

https ://market. android .com/detai Is? Device 
id=com.gocc e.andro d apps genie.g... 

https ://market. android .com/detai Is? Device 
d=;.;nraocc e.arcrc &:■"&>?: 

https ://market. android .com/detai Is? Device 
id=com.lge. internal 

https://market.android.com/detai Is? Device 
i d =com .and raid . praviders.applic ations 

https://market. android .com/detai Is? Device 
id=com.andraid.pratips 

https ://market. android .com/detai Is? Device 
id=com.google. android. apps.uploader 



App Usage 

Application LookOutSecure 

Related URL https: //ma rket.android.com/details?id=loDk: 

Storage Device 



Stealth Club > My Phones > Settings > Security & Location 



Logged in as Michael Robin son [Logout] 



MorJieallti 




jj Account Home 

yj Add New Phone 

2j View Phones 

yj Installation Guide 

2j Blackberry Messenger 

Configurations 

yj How Spy Call Works 

yj Invoices 
Update Profile 
Change Password 

yj Logout 



Security* Location 



yj Calls History 
_>j SMS History 
yj Contacts 

jj Appointments History 
yj Internet Browsing History 
jj Bookmarks History 

Emails History 
yj Messenger Chat History 
yj Recent Location 
yj Location History 
jj Calls Recording History 
yj Surround Recording 
History 

yj Pictures Hisjj 
yj Videoj^frstory 




yj Access Tracker 
yj Bookmarks History 



Attribution! 

•Trigger word: 
•Source phone 



Phone | Phone- 1 t | | Show | 
Phone Location via GPS 



How frequent you want this phone to get the location information? 



1 8 | minutes interval (Reducing the time Interval will Increase the battery usage.) 

Minimum fl minutes. 



5ave Reset Updated on phone-. 



SIM Change Notification 



Where do you want us to send an SMS whenever the SIM is changed? 
Mobile Number for Notification 



| Save | | Reset | 



Location Update Secret SMS 



MobiStealth allows you to get the location of current phone just by sending a secret SMS .Phone will reply with iTs location via SMS. 
Write your Location Update Secret SMS? 



location 



1+0 characters maximum. Only alphabets, digits, comma, period, space and hyphens are allowed. 
Source Phone Number of Secret SMS 




5ave Reset Updated on phone. 



Wipe Data Secret SMS 



MobiStealth allows you to remove all data from current phone in case of theft or it is lost. You can send a secret SMS to current phone to 
■ipe all sensitive data (Contacts. SMS and etc.). After successful removal, phone will send a confirmation SMS. 



"location" 
number 



yj YAHOO Chat History 



/rite your Wipe Data Secret SMS? 



+0 characters maximum. Only alphabets, digits, comma, period, space and hyphens are allowed, 
ource Phone Number of Secret SMS 



Save I Reset 
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Q Values IE Bookmarks \ 4 Highlights [ 



data/data/lookOut.Secure 
/files 

debugLog 



Muoieairh 



File Edit Format View Help 



"Service is already running" 



securelncomi ngcall Regservi ce]| service is already running 

Email util] . readHashetabl e : read hashtable from file 

[Emai 1 uti 1 ]. storeHashetabl e : creating file for storing hashtable 
[Email util] . storeHashetabl e : hasgtable successfully written 

[steal thBackuplSa] : Not first contact detail is creating in wri teDataTocontactxml Fi 1 e 
[steal thBackupDa^i] successfully populated the hashtable with size: 3 
[steal thBackupDat\ : no new contact added 

[steal thBackupData]\wri teDataTocontactxml File: no events present on phone 

java. i o. Fi 1 eNotFoundElk:epti on : /data/data/1 ookout. secure/fi 1 es/EventHashes (no such file or directory) at 

org. apache. harmony. 1 unV pi atf or m. QSFi 1 esystem. openlmpl (Native Method) at org. apache, harmony. luni . pi atf orm. QSFi 1 esystem. open(OSFi 1 esystem. java: 152) 
at java. i o. Fi 1 emputstrYam. ^y^^^£^^^jjy^y^£^j^^a^^^^^^j^jfldjy^^np. contextimpl . openFi 1 einput(contextimpl . java:400) at 
andr oi d. content . contextwVapp 



1 ookout. secure. Emai 1 uti 1 .\ef 
(secureContAppoi ntservi ce 
[Emailutil]: exception occi 

[Email util] . removePrevDi 
(Emailutil . java: 255)^^at 1 
[Emailutil]: excep^^n occur 



[Emailutil] 




Names of 
Services & Functions 



Hashetable: read hashtable from file 



kout. secure. Emai 1 uti 1 . readHashetabl e(Emai 1 uti 1 . java: 223) 

at 1 ookout. secure. SecureContAppoi ntservi cell, run 
)96) 



at lookout. secure. Emailutil . ref reshcontAppoi ntHashTabl e 
eContAppoi ntservi ce. java: 52) at java. 1 ang. Thread. run(Thread. java: 1096) 



[Emailuti^^storeHashetable: creating file for storing hashtable 
[Emai 1 uti 1 ]. storeHashetabl e : hasgtable successful ly written 

[Emailutil] . removePrevDataFromHash: is started [Emai 1 uti 1 ]. removePrevDataFromHash : hashTable size: 3 [Emai 1 uti 1 ]. removePrevDataFromHash : after cleaning 
hashTable size: 3 [Emai 1 uti 1 ]. removePrevDataFromHash complete successfully 

securelncomi ngcal 1 Regservi ce] : service is already running 

secureservi ceLauncher] : launching secondser vi ce 

securesecondservice] : Emai 1 secondser vi ce started 

steal thwif i Locati onProcessor] i nsi de getLocati on 

steal thBackupData] : inside purgeSMSlDs 

steal thwif i Locati onProcessor] : time: 20120522052140 successfully registered Regi strati oncal 1 back 
EmailDatabaseProcessor] : maxTime of highest ID sms is: 1337575661175 

steal thwif i Locati onProcessor] : time: 20120522052140 done called in Regi strati oncal 1 backlmpl 
EmailDatabaseProcessor]: dbopencounter: ^^ m ^^^ m 
securelncomi ngcal 1 Regservi ce] : service is al read^run^mg 

stealthwifi Locati onProcessor] : MyLocati oncal 1 bacftwPSPeri odi cLocati on : lat: 36.145, long: -11: - - 



steal thcoribi neXMLFactoryl 
steal thcombi neXMLFactoryf 
steal thcombi neXMLFactory; 
steal thcombi neXMLFactory; 
steal thcombi neXMLFactory^ 
steal thcombi neXMLFactoryi 
steal thcombi neXMLFactory; 
Email DatabaseProcessor] 
steal thcommandRecei ver] 
steal thcommandRecei ver] 



searching for File typ|^^m^ 



searching for File type mycont 
searching for File type myCDR 
searching for File type myBrowser 
searching for File type myBookmark 
searching for File type myAppt 
there was no file to upload 
dbopencounter : 

read commands are BKUP_RECORDlNG 
curcommand: bkup_recording 
Email RecordingBackupser vice] : service STARTED 
EmailRecordingBackupService] : service Already runninq 
steal thBackupData] : file latestbrowser.dat is not debug file 
steal thBackupData] : file latestbookmark.dat is not debug file 
steal thBackupData] : file contactHash is not debug file 

Steal thBackupData] : file 846870869757698-stealth. conf is not debug file 

Steal thBackupData] : file 846870869757698-gpssmsinfo.dat is not debug file 

Steal thBackupData] : file 1 oggedpi ctures. ser is not debug file 

Steal thBackupData] : file 846870869757698-callrecordinfo.dat is not debug file 

Steal thBackupData] : file servicelog.dat is not debug file 

steal thBackupData] : Found debug file debugLog 

steal thBackupData] : DebugLog filesize: 40669 cur Date: 22 oldDate: 22 
steal thBackupData] : DebugLog File is not uploadable yet 

stealthwifi Locati onProcessor] MyLocati oncal 1 back : handl eWPSPeri odi cLocati on : 5 retires 
steal thwif i Locati onProcessor] : MyLocati oncal 1 back : Done called 
securelncomi ngcal 1 Regservi ce] : service is already running 



Location: 
Lat: 36.145 

Long: -115.32444444444444 



data/data/lookOut.Secure 
/files 

debugLog 



Stealth Club > My Phones > Location History 



Logged in as Michael Robinson [Logout] 



>] Account Home 

2j Add New Phone 

2j View Phones 

>j Installation Guide 

jj Blackberry Messenger 

Configurations 

2j How Spy Call Works 

2j Invoices 

_>j Update Profile 

2j Change Password 

jj Logout 



►j Calls History 
*j SMS History 
jj Contacts 

2j Appointments History 

jj Internet Browsing History 

jj Bookmarks History 

yj Emails History 

jj Messenger Chat History 

2j Recent Location 

2j Location History 

. Calls Re cord in a Histnrv 



Location History 



Starting From 



I Phone- 1 t ] 2012-05-19 I 

O Shflwempty/unavailable location records 

Download in CSV Current Page Qi All Pages 
Falls Chur<* "V 



2012-05-22 



| Show | 



Download | 
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Map 


| Satellite 


Terrain | 




Springfield 

POWERED BY 2 mi 



Location (Lat 36.145, Long -115.32444444444444) 
matches one of the addresses listed. Identical 
value recovered from the phone. 

Locations are based on cell phone towers. 

Actual location was nearby. 



2j SKype uan Kecoromg 
yj Skype Chat History 
2j Surround Recording 
History 

2j YAHOO Chat History 



□ 
□ 
□ 
□ 
□ 
□ 



ess of a location, click the certain marker on above map. 
lata 



012-05-20 21 :55:43 
012-05-20 21 47:43 
012-05-2016:17:20 
012-05-20 16:09:27 
012-05-2016:01:20 
012-05-20 15:53:27 
012-05-20 15:45:27 
012-05-20 15:37:26 
012-05-20 15:29:26 
012-05-2015:21:26 
2012-05-2015:13:26 
2012-05-20 15:05:24 
2012-05-20 14:57:25 
2012-05-20 14:49:23 
2012-05-2014:41:23 
2012-05-20 14:33:23 



Phone 

5713 
5712 
5713 
5712 
5713 
5712 
5713 
5712 
5713 
5712 
5713 
5712 
5713 
5712 
5713 
5712 



Latitude 



, , Map data ©2012-teoagle - 



Longitude 



36 00569444444444 

56 00569444444444 

36.65923611111111 

30.0592361 1111111 

36.650625 

30.05597222222222 

33.35597222222222 

30.0592361 1111111 

33.350625 

30.050625 

33.350625 

30 05256944444444 

30.04451 366666339 

30.04451 336666669 

36.64738111111111 

30.001100555555554 



■115.14&02777777777 
■115.14902777777777 

■77 04930555555555 
■77.04540611111112 
■77 04019444444445 
■77 04519444444445 
■77 04930555555555 
■77.04540611111112 
■77.04540611111112 
■77.04540611111112 
■77.04729166666667 
■77.037361 11111111 
■77.037361 11111111 
■77.Q60&Q277777776 
•77.17333333333333 



List of pictures that have been uploaded 



File View Tools 

\3m 



Python Plug-ins Report Help 

& § mm & & s 



I radio 



^/ logged pictures^er 



m-m 

m-m 

m-m 
m-m 
m-m 
m-m 
m-m 
m-m 
m-m 
m-m 
m-m 
m-m 
m-m 
m-m 
m-m 
m-m 
m-m 
m-m 
m-m 
m-m 
m-m 
m-m 



com .android .providers .telephony J 
com .android .providers .userdictior 
com .android .settings 
com .android .vending 
com cellmania. android. storefront, 
com .cooliris .media 
com google android .apps .genie .c 
com .google .android .apps .maps 
com .google .android .apps .upload 
com .google .android 



com .google .android 
com google android 
com .google .android 
com google android 
com .google .android 
com .google .android 
com .google .android 
com.joeykrim.rootch 
com.paraben.servic 
com .swype .android 
com.telespree.andn 
com.twidroid 
lookOut. Secure 
£3 databases 

1 Q Email Database. db 

£3 files 

| [U S46B7086975769&callrE 

| Q 346870869757G9&3ps5i 

| Q 546870369757e&ksteaH 

j Q Contact Hash 

; Ql debug Log 

! Q) latestbookmaj 



|HexView |FileInfc| 



00000000 
00000016 
0000002C 
00000042 
00000058 
0000006E 
00000084 



AC ED 00 05 

75 4C 69 73 

65 78 7 

31 32 30 35 

47 5F 32 30 

00 17 49 

6A 7 67 



4D 47 

78 



73 72 00 13 6A 61 76 61 2E 75 

7 4 7 3 31 D2 ID 99 C7 61 3D 03 

00 00 03 77 04 00 00 00 0C 74 

32 30 5F 31 33 33 35 34 37 2E 

31 32 30 35 32 30 5F 31 33 33 

5F 32 30 31 32 30 35 32 30 



74 69 6C 2E 41 72 72 61 

01 4 9 00 04 73 6 9 7 A 

00 17 49 4D 47 5F 32 30 

6A 7 67 74 00 17 4 9 4D 

39 30 32 2E 6A 70 

5F 31 33 34 32 33 



....sr.Java.util.ArrayListx 

3....l..siz0x|3.... W t . . 

IMG_20120520_133547.jpgt. 
IMG_20120520_133902.jpgt. 
IMG_20120520_134236.jpgx 



l"D loggedpictures.ser 

lU iii i L ii uy.un 

shared_prefs 

■Q) audio_recording_settings , 






. . . .sr. . j ava .utH . Arra 

ylistx a. . . .1. . aiz 

exp . w t . . IMG_20 

120520_133547 . jpgt . . IM 
G20120520133902 .jpgt 
. IMG_20120520_134236 . 
jpgx 



J ^ Find: 



Length 



Values | E Bookmark: | 4 _ Highlights [0 results] | 



data/data/lookOut.Secure 
files 

loggedpictures.ser 



Stealth Club > My Phones > Pictures History 



Logged in as Michael Robin son [Logout] 



y] Account Home 
y] Add New Phone 
yj View Phones 
2j Installation Guide 

Blackberry Messenger 
Configurations 
yj How Spy Call Works 
y] Invoices 
jj Update Profile 
yj Change Password 
yj Logout 



Cell Phone Lojjs 

y] Calls History 
yj SMS History^ 
y] Contac 

yj AMmntments History 

Internet Browsing History 
yj Bookmarks History 
yj Emails History 



....sr..java.util.ArrayListx 

3....l..siz0x|3... • W *t • • 

IMG_20120520_133547.jpgt. 
IMG_20120520_133902.jpgt. 
IMG_20120520_134236.jpgx 



yj Access Tracker 

yj Bookmarks History 

yj Emails History 

yj Internet Browsing History 

yj Keystroke Logs 

>j Location History 

yj MSN Chat History 

yj Screenshot History 

Skype Call Recording 
yj Skype Chat History 
*j Surround Recording 
HifiTnrv 



Phone | Phone- 1 $ \ Sort By | Stealth Date/Time i ] Order [ Descending 
ij Select Ally Deselect All 



I Show | 





□ I 

2012-05-20 13:39:02 




□ I 

2012-05-2013:33:48 



De etc Se'ccte^ ^T>owiload Selected 



Stealth Club > My Phones > Pictures History 



Logged in as Michael Robin son [Logout] 



MoSieallh 



y] Account Home 
y] Add New Phone 
yj View Phones 
2j Installation Guide 

Blackberry Messenger 
Configurations 
yj How Spy Call Works 
y] Invoices 
jj Update Profile 
yj Change Password 
yj Logout 



Cell Phone Logs 

y] Calls Histor 
^jSMSHij 
y] Conj 

yj ^^ointments Histo 
[Intern et Br^irffgH i sto ry 
>j |BM*l(tfarks History 
^Emails History 



Phone | Phone- 1 $ | Sort By | Stealth Date/Time 
ij Select Ally Deselect All 



I Show | 





Dj 



2012-05-20 13:42:36 



20120520134236.jf 



+ 3 http://www.mobistealth.com/picture/e8S 52eS4657aS58ece0ScdD1179dd637/8468708697S769S/2 DlZ0520134236.jpg 



..sr..java.util.ArrayListx 

3....l..siz0x|3... . W *t • • 

IMG_20120520_133547.jpgt.. 
IMG_20120520_133902.jpgt.. 
IMG_20120520_134236.jpgx 

The MD5 hash of this downloaded 
file matches the MD5 hash of the 
picture stored on the phone. 



jj Skype Call Recording 
yj Skype Chat History 
Surround Recording 
Hifitnrv 



MobiStealth - Monitor Kids, Calx... 




Untitled - Notepad, 



File View Tools Python Plug-ins Report 

MB # # # 1 ^ 03 <•> <h 



Help 



File Edit Format View Help 




<?xml versi on='l. ' encodi ng=' utf -6 ' standal one='yes ' ?> 
<map> 

app_i mei ">8468^ ^< . str i ng> 

ftp_r est_passwd "> ^ ^z</str i ng> 

"I i cense_ver si on">Pro-x</str T ng> 
1 i c e n s e_st at u s " >act i ve </ string > 
second_servi ce_ti me'pl33768930Q527<Wtr"i ng> 



<stnng name: 

<string name: 

<string name: 

<string name: 

<string name: 

<string name: 

<string name: 

<string name: 

<string name: 

<string name: 

<string name: 

<string name: 



/data/data/lookOut.Secure/shared_prefs/configurations.xml 
Contents: 

• IMEI 

• FTP connection information 

• CDMA 

• Phone Model 




'f tp_port">21</stri ng> 
r f tp_i nit_user ,r >| 

' c all r e c_mo d e " >strate g y_a | mo de_1 </ st r i n g > 
'1 ocati on_i nterval ">8</stri ng> 
'f tp_rest_user ">mobi steal th| 
r l ocal _phone_number ">571^ ^''str i ng> 
'ftp_i nit_passwd">| |< stt'irg> 

<stri ng name="l ogupl oad_date">22</stri ng> 
<stri ng name="f tp_server_i p">| 

<boolean name="app_f i rst_l aunch" val ue="f al se" /> 
<boolean name="app_conf i gurati on_created" value="true" /> 
<str i ng name=' r f tp_l og_user "sj 
<string name="f tp_l og_passwd' 
<stri ng name="phone_typ"xiDMA</st 
<string name="phone_model ">VM670< 
</map> 



MOBILE-?'" - 

SPY SOFTWARE FOR SMARTPHOJJE5 



URL history 

http://asd-ms.com/ms5-a/ms5-2.l-above.apk 



downloads. db entry 

uri: http://asd-ms.com/ms5-l/ms5-2.l-above.apk 
Hint: ms5-2.l-above.apk 

_data: /mnt/sdcard/download/ms5-2.1-above.apk 



SD Card 

\download\ms5-2.1-above.apk 



A couple of glitches... 

On the version we tested, we noticed: 

• E-mail alerts were sent back to a monitoring e-mail 
address; however, no data appeared on the website. 

• After installation, the battery life dropped to 8-10 hours 
from nearly 20 hours. 




The website requires the user to update his/her password. 
As a result, the password stored on the device needs to be 
updated, which means physical access is required again. 



MOBILE- =rN? 

SPY SOFTWARE FOR SMARTPHOJJE5 



Q Physical Analyzer 



Installed applications are listed in: 
/data/data/com. sprint.zone/databases/zone.db 



< c 



EhE? com. android .provid A .telephony 
E)-£^ com. android. provides. usendictionary 
E-£5 com. android. settini 
El-P^ com. android. vendi 
0-£5 com. cooliris. media 
Ej-£5 com. google. andruil.apps. books 
f+l-p^ com. google. androp.apps. maps 
El-P^ com. google. androB.gm 
E)"£5 com. google. andndc.googlequicksearcl 

com. google. andrJd.gsf 
S"£?' com. google. andrld. location 
EEl-p^ com. google. andif id.partnersetup 
El -P^ com .google .andlid .syncadapters .cale 
(±]"£5 com .google .andftid .syncadapters .cont 
©■■£^ com. google. andjDid.voicesearch 
E-'B com. google. anJoid.youtube 
GEl-P^ com.joeykrim.rofitcheck 

com.layar 
E)"£3 com.retina22.n§G 
t+l-P^ com. Samsung 
EEl-p^ com.samsunglhoneinfo 
BHB com .sec .andrld .providers .downloads 
E"£^ com. sec. andJid. providers .drm 
B-£? com. sprint .ce|jpdater 
B-P 3 ? com.sprint.ii 



- 



tiles 



3 ► 



diagnost1cs_tbl 
features_tbl 
infujbl 
installed_apps 
pages_tbl 
report_tbl 
sqlite_sequen( 
strings_tbl 
tablealert 
table_settings 
versions tbl 



AJI Projects 



pyData6.0,xml X ^FileDump x Kjone.db X | 



pname 



time 



version_code versianname app_statu: 



06 Oct 2011 09:51:42 PST 15 

20 May 20 12 05:41:20 PST 1 

20 May 20 12 05:41:22 PST 10 

com .samsung.lnputEventApp 06 Oct 2011 09 :51 :42 PST 1 

com.samsung.KeyBoanrJSlideUpCounter 20 May 2012 05:41:32 PST 10 
I com sa m 5 u ng. i ntemal 



06 Oct 2011 09:51:42 PST 



i: 



1.3.7 



1.0.0 



2.3.6 



1.0.0 



2.Z 5 



2.3.4 



Package: com.retina22.ms6 

Name: Android Toolkit 

Date: 21 May 2012 11:06:57 PDT 

Version: 5.0 



D.SPR.STUB 



WlanTest 



06 Oct 2011 09:51:42 PST 
06 Oct 2011 09:51:42 PST 



20 May 2012 05:42:00 PST 10 
20 May 2012 05:42:02 PST 10 
06 Oct 2011 09:51*42 PST 1 



01 A ug 2008 05 : 00 : 00 PST 2 102 
01 Aug 2008 05:00:00 PST 4005 
01 A ug 2003 05 : 00 : 00 PST 30001 6 




..0.0 



1.0 



2.: ; 



2.B 5 



1.0.0 



2.1.2 



SZ 4.0.5 



BoostZone 3,0.16 



installed * 



installed 



installed 



installed 



installed 



installed 



installed 



installed 



installed 



\ir.a ad 



installed 



installed 



installed 



installed 



installed 



installed 



\ir.a ad 



installed 



installed 
"t".a ad 



\ir.a ad 



installed 



installed 



Incidentally, "Seizure Service" 
is Paraben's Device Seizure. 



21 May 2012 11:06:57 POT 5 



21 May 2012 15:33:16 PDT 1 



1.0.0 



removed 



MOBILE- =rN? 
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<package 



Q Physical Analyzer 



File View Tools Python Plug-ins Report 

\\S& § @ ^ eP # I ^ & $ 



EEl-P^ com .sec .android .providers .downlo: 
B-P^ com .sec. android. providers. drm 
0"E? com. sprint .ce.updater 
□■■S com .sprint .zone 
databases 

! Q zone.db 

a-B files 
E)-£3 shared_prefs 
E)"E com .swype. android. inpLrtmethod 

rnm tplpn^i; ann anrlnnirl hnngt 



name="com. reti na22. ms6" 
|codePath="/data/app/com. retina22. ms6-l. apk" 
nati vel_i braryPath= '/data/data/com. reti na22. ms6/l i b" 
flags="0" 
ft= 1376fl414B0" 
1t="13770949c24" 
ut="13770949c24" 
versi on=" 5" 
userld="10036"> 

<s i g s c o u nt= T, l "> 

<cert index="10" 

key="30e2023930e201a2a00302010202044ed364eb300d06092ae64ee6f70d01010505003060310b3009060355040613023931 
31123010060355040ei30952616a6173746e616e310f 300d060355040713064a6169707572310d300b060355040al3045253504 
c310d300b060355040bl3045253504c310e3aaca603550403130556696e6f64302ai7ad31313131323B3130333B30335al80f 32 
303631313131353130333B30335a30603iab3aa906035504061302393131123010060355040B130952616a6173746B616e310f 3 
00d060355040713064a6169707572310d300b060355040al3045253504c310d300b060355040bl3045253504c310e300c060355 
0403130556696e6f6430ei9f 300d06092ae64ee6f70d010101050003eied0030eie902eiei009c569a035b6blcled4f27bcl42a 
Iaa9bf279b3d3bab20342476e0cd3b735bb93f 55c7fb09e0ae5e5e2f03B14f4aBabbe0b7B944acfl9173e0eb0b0afd2b36b6744 
93a7cB915aBb51ale7ee3aec92f4d364Blb3a94BB9b0c7e47cf9e4503d0fa6663739B4b9396eBfa67f4c54a6c9b76aef2195bll 
ec34cdeee951a57f9b21fel0203010001300d06092ae64ee6f70d010105050003eiei007e686463ece606fb52417221daaac531 
3ed56501972339flcce3692f23a903235fbce4b20ed6a9103fdle70f 3e0de3026ace0bb49fedal4eae3c09be603b67e6eeeaee7 
bdd9f2154b273bee46c2aal2ecccf 300ef4293f7166659efba725095ff 377c79al0elfei24ea7a0b769fb960b3e7cd920al4a33 
ffB27aae294B35e2c5" /> 



</si gs> 
<perms> 



/data/system/Packages.xml 
has a list of installed apps and 
the set of permissions. 



GEI-h" 1 ' registered services 

El-j2" sharedjDrefs 

Q sync 

S -B throttle 

©•••£■ usagestats 

Ql accounts .db 

i Ql appwidgetsjcnl 

. Ql batterystats.bin 

i Q| called_pre_boots.dat 

i Q entropy.dat 

J-6 



i Q packages jjtiI 




<~item 
<item 
<item 
<i "Lern 
<i "Lern 
<i "Lern 
<i "Lern 
<i "Lern 
<i Hem 
<i "Lern 
<item 
<i "Lern 
<i "Lern 
<i "Lern 
<i "Lern 
<i "Lern 
<i Hem 
<i "Lern 
<i "Lern 
<i "Lern 
<item 
<i t e rm 
<item 



name= 
name= 
name= 
name= 
name= 
name= 
name= 
name= 
name= 
name= 
name= 
name= 
name= 
name= 
name= 
name= 
name= 
name= 
name= 
name= 
name= 
name= 
name= 
name= 



"androi d 
"androi d 
"androi d 
"androi d 
"androi d 
"androi d 
"androi d 
"androi d 
"androi d 
"androi d 
"androi d 
"androi d 
"androi d 
"androi d 
"androi d 
"androi d 
"androi d 
"androi d 
"androi d 
"com. andr 
"androi d 
"androi d 
"androi d 
"com. andr 



permi 
permi 
permi 
permi 
permi 
permi 
permi 
permi 
permi 
permi 
permi 
permi 
permi 
permi 
permi 
permi 
permi 
permi 
permi 
oi d. b 
permi 
permi 
permi 
oi d. b 



. > 



/> 



ssi on 
rowse 



GET_TASKS" /> 
SEND_SMS" /> 
P ROC E S S_0 UTGO I N G_C AL L S 
WRITE_EXTE RN AL_STO RAG E 
READ_LOGS" /> 
WRITE_SMS" /> 
ACCESS_WIFI_STATE™ /> 
RECEIVE_SMS' r /> 
ACC E S S_CO ARS E_LOC ATIO N 
RE AD_CO NTACTS /> 
CALL_PHONE" /> 
WRITE_CO NTACTS" /> 
MO DI F Y_AU DIO_S ETTI NGS" 
RE AD_P HO N E_STATE /> 
RE AD_C AL E N DAR /> 
READ_SMS" /> 
REC E I VE_BOOT_COM P L ETE D 
INTERNET" /> 
WRITE_S ETTI N G S " /> 

permission. WRITE_HISTORY_BOOKMARKS 
ACCESS_FINE_LOCATION" /> 
C HAN G E_N ETWO RK_STATE ' ' /> 
ACC E S S_N ETWO RK_STATE /> 

permission. re ad_h I stq ry_boo km arks /> 



/> 



/> 



</perms> 



<di sabl ed-components> 

<item name="com. reti na22. ms6. uses. screenActi veRecei ver " /> 
<item name="com. reti na22. ms6. 1 oggi ng. Applnstal 1 edobser ver " /> 
</di sabl ed-components> 
</package> 



1 1 packages -more -backup j-irnl 
■Q| uiderrore.txt 
Q| wallpaperjnfoxml 
tombstones 



Offset 



Length 



Value 



Source 



< c 



Values | 03 Bookmark: ^ Highlights. 



Len gth : 0x1 A36 D Offset: 0x0 Sel ecti o n : 0x12032 



MOBILE- =rN? 
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§ Physical Analyzer 



I ^ | Is) 



File View Tools Python Plug-in: R.eport Help 
Project Tree 



E1"E com .cooliris .media 

E)-P^ com .google .android .apps .books 

E1--& com .google .android .apps .maps 

E com .google .android .gm 

El-P 3 ? com .google .android .googlequicksearchbox 

E)-P^ com .google .android .gsf 

EE)- -£3 com .google .android .location 

B -p^ com .google .android .partneraetup 

(+)■■& com .google .android .syncadapters .calendar 

(+)■■& com .google .android .syncadaptera .contacts 

E)-P^ com .google .android .voicesearch 

E) -P^ com .google .android youtube 

El -F^ com.joeykrim.rootcheck 



EI-E3 shared_prefs 

1 Q) Mobile Spy DataG.Oxnl 

El-P^ 1 com.samsung 
El-F^ com. Samsung. phoneinfo 
EI --E com .sec .android .providers .downloads 
E)"E5 com .sec. android .providers .drm 
El-S com. sprint. ce.updater 
E)-P^ com .sprint. zone 
E) "E? com .swype .android .inputmethod 
Ej-F^ 1 com .telenav.app .android .boost 
SHE 1 factory 
El -E local 
E-S log 
E)- £5 rnisc 
ElHB property 
El-F^ 1 system 
EI-E3 tombstones 
Q| .mac .info 



A Projects 



/""RetinaXS martphoneb.P X j^" M o b i I eSpy D atao ,0 ,xm I X | 




| Database view | Hex View I File Info I 



AppUsesTable 


;o) 


Application Contents Web (0) 


BlockedApps 


[Oi 


Ca 1 end a rContentsWeb 


[Oi 


CallConterrts Email 


[Oi 


CallContentsWeb 


[0i 


CellldContentsWeb 


[0i 


Co nta ctCo nte nts We b 


[Oi 


GpsContents Email 


[Oi 


GpsContents Web 


■0) 


PhoneUsesTable 


[Oi 


PhotoContentsWeb 


[Oi 


SmsContentsEmail 


[Oi 


SmsContentsWeb 


[Oi 


UrlContentsEmail 


[Oi 


Url Contents Web 


[Oi 


androidjmetadata 


(1) 


sqlite_sequence 


(7) 



name 

□ ContactContentsWeb 

□ CellldContentsWeb 

□ SmsContentsWeb 

□ SmsContentsEmail 



□ PhotoContentsWeb 



O CallContentsWeb 
□ CallContentsEmail 



/data/data/com. retina22.ms6 
/databases 
/shared_prefs 



MOBILE- =rN? 
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Q Physical Analyzer 

File View Tools Python Plug-ins Report Help 




Attribution! 

Email ID 
(Monitoring Address 



E^-P^ 1 com. google. android .syncadapters. calendar 
GjD-p^ com. google. android .syncadapters. contacts 

com. google. android .voicesearch 
GjD-P^ com. google. android. youtube 
El-p 3 ? comjoeykrim.rootcheck 
GjD-p^- com.layar 

com.retina22.ms6 
S-E 1 databases 

1 Q) RetinaXSmartphoneG.D 

I I 3 r— I 

; -|| Mobile Spy Data€.Oxnl I 
+ ••• com. Samsung 
EE--E? com. Samsung. phoneinfo 
El-p^r com. sec .android .providers. downloads 
(jl-P^ com. sec .android, providers, drm 
B-p^r com. sprint .ce.updater 
Ej-p^ com. sprint .zone 
[jl-P^ com. suvpe. android .inputmethod 
B-p^ com. telenav.app. android. boost 

B-£3 factory 

lil-jS local 
E log 

B-P^ 1 misc 

Gjp-p^ property 

Ep-p^ system 

B-p 3 ? tombstones 

| Ql .mac .info 

; P"l i indite snrrfiRS 



<?xml version='1.0' encoding='utf-8' standalone='yes' ?> 
<map> 

<boolean name="KEY_IS_GPS_INFO_CMD M value="true" /> 
<boolean name= M KEY_CELLID_LOG M value="true" /> 
<int name= M KEY_GPS_INTERVAL M value="15" /> 
<string name= M KEY_USER_NAME M >Prevail</string> 
<long name= M KEY_SMS_ID M value="12" /> 
<long name= M KEY_PICTURE_ID M value="2" /> 

<hnnl P an nam P z"KFY IS FMAII GPS>" wall iP="tri ip" /> 



gmail.com</string> j 
value="true" /> 



<string name= l, KEY_EMAIL_ID ll >| 
<boolean name="KEY_IS_SIM 
<boolean name= M KEY_IS_EMAIL_ALERT M value="true" /> 
<boolean name= M KEY_IS_EMAIL_REPORT M value="true" /> 
<int name= M KEY_XML_UPLOADER_TIME M value="30" /> 
<boolean name= M KEY_LOCK_LOG M value="true" /> 
<long name= M KEY_LAST_REPORTING_TIME M value="1337649226670" /> 
<boolean name="KEYJS_SIM_INFO_CM D" value="true" /> 
<string name= M KEY_IMSI_NUMBER M >31(^^^^^^</stnng> 
<boolean name= M KEY_IS_EMAIL_SMS M value="true" /> 
<boolean name= M KEY_IS_ACTIVE M value="true" /> 
<boolean name= M KEY_WIPE_LOG M value="true" /> 
<long name= M KEY_CONTACT_ID" value="8" /> 
<int name= M KEY_ACCOUNT_PULLER_TIME" value="345" /> 
<boolean name= M KEY_IS_EMAIL_CALL M value="true" /> 
<boolean name= M KEY_GPS_LOG M value="false" /> 
<string name="KEY_FRIEND_NUM M >410^^^Bc/string> 
<boolean name= M KEY_IS_EMAIL_URL M value="true" /> 
<long name= M KEY_CALL_ID M value="7" /> 
<boolean na me= M KEY_IS_FI RST_TI M E" value="false" /> 
<int name= M KEY_EMAIL_INTERVAL M value="15" /> 
<string name= M KEY_USER_ID M >100C^^B</string> 
<boolean name= M KEY_IS_LIVE_PANEL M value="true" /> 
</map> 
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■p^ com. cooliris. media 

■p^ 1 com. google. android .apps. books 

■p^ com. google. android .apps. maps 

■p 3 ? com. google. android .gm 

P^ com. google. android .googlequicksearchbox 

■■P 3 ? com. google. android .gsf 



Last Reporting Time 
Mon May 21 2012 
21:13:46 GMT-0400 (EDT) 



_J RetinaXSmartphoneG.D 



F 



Mobile Spy Datafi.Oxnl 



) 



+ ■■■ com.samsung 
El-p^ com. Samsung. phoneinfo 
E)-p^ com. sec .android .providers. downloads 

com. sec .android. providers. drm 
E)-p^ com. sprint .ce.updater 
E)"E? com. sprint .zone 
$"P^ com. swype. android .inputmethod 
EI--E3 com. telenav.app. android. boost 
E)-£3 factory 

local 
lj)"E log 
E)-P^ misc 
GjD-p^ property 
GjD-p^ systeni 
El-p 3 : tombstones 
i Q .mac .info 

1 P"l nnrl^tfi fiiirrfiss 



<?xml version='1.0' encoding='utf-8' standalone='yes' ?> 
<map> 

<boolean name="KEY_IS_GPS_INFO_CMD M value="true" /> 

<boolean name= M KEY_CELLID_LOG M value="true" /> 

<int name= M KEY_GPS_INTERVAL M value="15" /> 

<string name= M KEY_USER_NAME M >Prevail</string> 

<long name= M KEY_SMS_ID M value="12" /> 

<long name= M KEY_PICTURE_ID M value="2" /> 

<boolean name="KEY_IS_EMAIL _GPS" value="true" /> 

<string name="KEY_EMAIL_ID">| |@gmail.com</string> 

<boolean name= M KEY_IS_SIM_CHANGE_NOTIFICATION M value="true" /> 

<boolean name= M KEY_IS_EMAIL_ALERT M value="true" /> 

<boolean name= M KEY_IS_EMAIL_REPORT M value="true" /> 

<int name= M KEY_XML_UPLOADER_TIME M value= M 30" /> 

<hnnlpan namp="KFY I DTK I OfV' \/ah iP="tn ip" /> 

<long name="KEY_LAST_REPORTING_TIME" value="1337649226670"| '> 
<boolean name="KEY_IS_SIM_INFO_CM D" value="true" /> 
<string name= M KEY_IMSI_NUMBER M >31(^^^^^^</stnng> 

<boolean name= M KEY_IS_EMAIL_SMS M value="true" /> 
<boolean name= M KEY_IS_ACTIVE M value="true" /> 
<boolean name= M KEY_WIPE_LOG M value="true" /> 
<long name= M KEY_CONTACT_ID" value="8" /> 
<int name= M KEY_ACCOUNT_PULLER_TIME" value="345" /> 
<boolean name= M KEY_IS_EMAIL_CALL M value="true" /> 
<boolean name= M KEY_GPS_LOG M value="false" /> 
<string name="KEY_FRIEND_NUM M >410^^^Bc/string> 
<boolean name= M KEY_IS_EMAIL_URL M value="true" /> 
<long name="KEY_CALL_ID M value="7" /> 
<boolean na me= M KEY_IS_FI RST_TI M E" value="false" /> 
<int name= M KEY_EMAIL_INTERVAL M value="15" /> 
<string name= M KEY_USER_ID M >100C^^B</string> 
<boolean name= M KEY_IS_LIVE_PANEL M value="true" /> 
</map> 
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B-P^ com. cooliris. media 
E-E com .google .android .apps .books 
B-P^ com .google .android .apps .maps 
B-P^ com. google. android .gm 
E)-E com. google. android .googlequicksearchbox 
B-P^' com. google. android .gsf 
B-P 3 ? com. google .android .location 
B-P^ com. google. android .partnersetup 
B -E com .google .android .syncadapters .calendar 
B-G com .google .android .syncadapters .contacts 
B -P^ com .google .android .voicesearch 
B-S com. google. android .youtube 
B-P^ com.joeykrim.rootcheck 
B-P^ 1 com.layar 
B-P^ com.retina22.ms6 
(=)■■■& databases 

1 Q| RetinaXSmartphoneG.D 



Mobile Spy Datafi.Oxnl 



+ ■■■ com.samsung 
B-p^ com. Samsung. phoneinfo 
B -P^ com .sec .android .providers .downloads 
com. sec .android. providers. drm 
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■Q) .mac .info 



<?xml version='1.0' encoding='utf-8' standalone='yes' ?> 
<map> 

<boolean name="KEY_IS_GPS_INFO_CMD M value="true" /> 
<boolean name= M KEY_CELLID_LOG M value="true" /> 
<int name= M KEY_GPS_INTERVAL M value="15" /> 
<string name= M KEY_USER_NAME M >Prevail</string> 
<long name= M KEY_SMS_ID M value="12" /> 
<long name= M KEY_PICTURE_ID M value="2" /> 
<boolean name= M KEY_IS_EMAIL_GPS M value="true" /> 
<string name= M KEY_EMAIL_ID M >| 



)gmail.com</string> 
<boolean name= M KEY_IS_SIM_CHANGE_NOTIFICATION M value="true" /> 
<boolean name= M KEY_IS_EMAIL_ALERT M value="true" /> 
<boolean name= M KEY_IS_EMAIL_REPORT M value="true" /> 
<int name= M KEY_XML_UPLOADER_TIME M value="30" /> 
<boolean name= M KEY_LOCK_LOG M value="true" /> 
<long name= M KEY_LAST_REPORTING_TIME M value="1337649226670" /> 
<boolean name="KEY_IS_SIM_INFO_CM D" value="true" /> 
<string name= M KEY_IMSI_NUMBER M >31(^^^^^^</stnng> 
<boolean name= M KEY_IS_EMAIL_SMS M value="true" /> 
<boolean name= M KEY_IS_ACTIVE M value="true" /> 
<boolean name= M KEY_WIPE_LOG M value="true" /> 
<long name= M KEY_CONTACT_ID" value="8" /> 
<int name= M KEY_ACCOUNT_PULLER_TIME" value="345" /> 
<boolean name= M KEY_IS_EMAIL_CALL M value="true" /> 
<boolean name="KEY GPS LOG" value="false" /> 
<string name="KEY_FRIEND_NUM">410^^^Bc/string>| 
<oooiean name=TTF^^TTOn^^R^7ciTu5^Hj^7^^^ 
<long name= M KEY_CALL_ID" value="7" /> 
<boolean na me= M KEY_IS_FI RST_TI M E" value="false" /> 
<int name= M KEY_EMAIL_INTERVAL M value="15" /> 
<string name= M KEY_USER_ID M >100C^^B</string> 
<boolean name= M KEY_IS_LIVE_PANEL M value="true" /> 
</map> 
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CASE DATA 



T DEVICE 



GENERAL INFORMATION 



NETWORK INFORMATION 



APP USAGE 



KEYBOARD CACHE 



CONTACTS 



CALLS 



► MESSAGES 



► LOCATIONS 



► WEB 



T FILES 



PICTURES 



AUDIO 



DOCUMENTS 



ARCHIVES 



General Information 

General information about the device 
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Attribute 

Serial Number 

Activation State 
Unique Device Id 
SIM Status 
Baseband Version 
Storage Capacity 
Storage Available 
WiFi Address 
Bluetooth Address 
Model Number 



Device Status 



Number 



Ac:ual F c:j-e 




13.6 GB 
13.2 GB 



1 (202) 



Activated 


Device Status: 




Ready 
2.0.12 


Jailbroken 





Installed Applications 
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DesiredlconState.plist 



< a t r i ng>c cm . appl e . mcbi 1 e ipc d< / a t r i ng> 
</array> 

<key>iccnLiata-;/key> 
<array> 

<array> 

< a t r i ng>ccm. appl e . Mcb i 1 e S }£S -; / a t i :ig> 
-iatring>com. apple - mobile cal< /at ring> 

< a t r i ng>com- appl e . mcbi 1 e a 1 i de ahc w-; / a t r i ng> 
Otri ng>cam. appl e _ came r a< / a t r i ng> 

< a t ri ng>CQin. appl e . videoa</atring> 
-;atring>ccm- apple . ycutube</ atring> 

< a t ri ng>com- appl a _ Mapa </at ring> 
■Otring>ccm- apple .weather-;/ atring> 
<atring>cain. apple _mcbilenctea</atring> 



Hidden Applications: 
com.saurik.Cydia 

com.yourcompany.OwnSpyRegister 



._ apple . atocka</atring> 
ul t Ui apl a yName < / k e y > 



array? 

<atring>c : 
<dict> 

<key>defl 

<atring>Tjkilitiea</atring> 

< ke y>di ap^yName < / k e y> 
<atring>Utmitiea< / atring> 

< ke y>i c anLi be a< / ke y> 
<array> 

<array> 

< a t ri ng^cm. appl e . Mcbi 1 e Addr eaaBcck-;/a t r i ng> 
<atring>«m- apple . calculator ^/atritig> 
<atEing>c«i. apple . ccmpaaa</atring> 
<atring>c[A apple .VciceMemca-;/atring> 
</array> 
</array> 

<key>liatType</key^ 
-i/dict> 

<atring>ccm. aaurik -Cydia</atring> 

<atring>ccm_ ycur company . C>wnSpy^egiater-;/atritig> 
f array> 



</dict> 
</pliat> 
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IconState.plist 



Of* XML View 



<atring>ccm. apple -mcbilemail</atring> 
<atring>ccm. apple .mcbileaaf ari</ atring> 
<atring>ccm. apple .mcbileipcd-;/atrin.g> 
</ arrays- 

<key>icanLiata</key> 
<array> 

<array> 

<atring>ccm_ apple . Mcbi 1 e SMS </ atring> 
<atring>ccm. apple .mcbilecaK / atring> 
<atring>ccm- apple .mcbilealideahcv-;/atring> 
<atring>ccm. apple . earner a-i/atring> 
<atring>com. apple - video a-; /at ring> 
-satring>com. apple . ycutube</atring> 

< a t r i ng>c cm. appl e . Mapa </atri ng> 
<atring>ccm. apple .weather</atring> 
<atring>com_ apple _mcbilenctea</atring> 

< a t r i ng>ccm_ appl e . Eemiadera</ atring> 
<atring>com_ apple .mobile timer < /at ring> 

< a t r i ng>com_ appl e . game c e nt e r < / a t r i ng> 

< k e y >di apl a yName < / ke y > 

< a t r i ng>He wa a t and-; / a t r i ng> 
<key>iccn.Liata</key> 
<array/> 

< ke y >1 i a tType < / ke y > 
<a t r i ng>ne wa a t and< ./ a t r i ng> 
</dict> 

<atring>ccm_ apple _McbileStcre</atring> 
< a t r i ng>c om_ appl e . AppS t □ r e < / a t r i ng> 
<atring>com_ apple . Pref erencea-;/atririg> 
</array> 
<array> 

<atring>ccm. apple . atccka-;/atring> 
<dicfc> 

< k e y >de f aul t Di apl a yName < / k e y > 
<atring>Utilitiea-;/atring> 

< ke y >di apl a yName < / ke y > 
<atring>Utilitiea-;/atring> 
<key>iccciLiata-;/key> 
<array> 

<array> 

< a t r i ng>com. appl e . Mcbi 1 e Addr e a a Be c k < / a t r i ng> 
<atring>com. apple . calculatcr-i/a tring> 
<atring>ccm. apple . ccmpaaa</atring> 
<atri ng>com. appl e . Vol ceMemo a < / a t r i ng> 
</ array> 
</array> 

< ke y>l i a t T ype < / ke y> 
< a t ring>r c 1 de r < / a t ri ng> 
< /diet > 
</array> 
</ array> 
</dict> 
</pliat> 
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Qj com. apple. ubd. plist 

Qj com. apple. voiceservices. plist 



com .ownspy.daemon .plist 



Qj Date Formats .plist 

Q Desired Icon State. plist 

Q Effective UserSettings. plist 

Qj History plist 

Qj History.plist 

Q Icon State. plist 

Qj Info.plist 

Qj Info.plist 

Q Keyword Index.plist 

Qj MC Data Migration. plist 

O MCMeta. plist 

■Qj net .mobileinnova Jibhidelocation .plist 

Q net.mobileinnova.push.plist 

Q| network -constraints. plist 

Qj newsstand_regular.plist 

Q pasteboard DB 

Q Payload Manifest .plist 

Qj Plugin Registry .plist 

Q Prof ileTruth. plist 

Qj Search Engines. plist 

Qj softwareupdategervicesd. plist 

Pi Suspend State. plist 

Qj transient Settings. plist 

Truth .plist 

Q url-resolution .plist 
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<?xml version="1.0" encoding="UTF-8"?> 

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" 

"http://www.apple.eom/DTDs/PropertyList-l.0.dtd"> 

<plist version="1.0"> 

<dict> 

< key >a p p I og</key > 
<array/> 

< key >fi rst P i ct u re</key > 
<integer>l</integer> 

< key >fi rstSy n c</key> 
<integer>l</integer> 
<key>key</key> 

<string>( B</string> 

<key>lastABPersonlD</key> 
<integer>2</integer> 

< key > I a st A B Va I u e I D </ key >_ 
<integer>l</integer> 




<key>lastCHread</key> 

<integer>l</integer> 

<key>lastSMSread</key> 

<integer>5</integer> 

<key>lastWH Date</key> 

<real>360668832</real> 

</dict> 

</plist> 
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-Ql com.apple 
-Ql com.apple 
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-Q com.apple 
-Q com.apple 
-Q com.apple 
-Q com.apple 
-Q com.apple 
-Q com.apple 
-Q com.apple 
-Q com.apple 
-Q com.apple 
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-Q com.apple 



.keyboard .plist 
.Launch Services .plist 
.locationd .notbackedup .plist 
.locationd .plist 
.mms_ovem'de .plist 
.mobile . Sync Migrator.plist 
.mobilecal .plist 
. Mobile Internet Sharing .plist 
.mobilephone .plist 
.mobilesafari .plist 
.mobileslideshow .plist 
.Mobile SMS. plist 
.preferences .datetime .plist 
.Preferences .plist 
.purplebuddy.notbackedup .r: 
.purplebuddy.plist 
.springboard .plist 
.stocks. plist 
.ubd. plist 

voiceservice^plist 
.weather.rj 
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El-B Software Update 
S-B Spotlight 
©■■£ SpringBoard 
E)-P^ Synced Preferences 
E)"B Voicemail 
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S-B Web Kit 
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- Analyzed Data 
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net. mobileinnova.libhidelocation. plist 

<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN' 
http://www.apple.eom/DTDs/PropertyList-l.0.dtd> 
<plist version="1.0"> 
<dict> 

<key>com.ownspy.daemon</key> 

<true/> 

</dict> 

</plist> 
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net. mobileinnova. push. plist 

<?xml version= ,, 1.0" encoding= n UTF-8 n ?> 
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN* 
http://www.apple.eom/DTDs/PropertyList-l.0.dtd> 
<plist version="1.0"> 
<dict> 

<key>services</key> 
<array> 

<string>com.ownspy.daemon</string> 

</array> 

</dict> 

</plist> 
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: No such file or d 
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Highlights 












































B S [3 H Find: Q 



Length 



£2 Values IE Bookmarks] 4 Highlights [ 



Length: 0x10 OFF Offset: 0x0 Selection: 0x0 




First run time 



■2012-06-06 05:25:15.562 _ker nel [491 : 707] OwnSpy Daemon v!389 started! 



12012-06-06 05:25:15.565 _kernel [491 : 707J Checking log size... 

12012-06-06 05:25:15.567 _kernel [491 : 707] Log size is: 134 

12012-06-06 05:25:15.568 _kernel [491 : 707] Trying to install addons... 

Irm: cannot remove \/tmp/l i bpush. deb ' : No such file or directoryd 

Ipkg: status database area is locked by another process 

I Downloading libpush library from Mobile innovati ons. .. instal 1 i ng. . . 

Irm: cannot remove \/tmp/l i bhi del ocati on. deb ' : no such file or directoryd 

Ipkg: status database area is locked by another processDownl oadi ng libl ocati on library from Mobile innovati ons. .. instal 1 i ng. . . 



1 2012-06-06 05:25:18,316 _kernel [491 

12012-06-06 05:25:18.515 _kernel [491 

1 2012-06-06 05:25:18.519 _kernel [491 

|2012-Q6-06 05:25:18.529 _kernel [491 



707] CRITICAL I I I It seems libLocation does not exists [ 

707] Checking battery level... 

707] battery: 

707] checking for reseller 



|2012-06-06 05:25:19.507 _ker nel [491 : 707] resp = {"status": 1, "appname": "spyera", "appser verurl " : " ifl H " < "appserver protocol " : "ht^://" 
"debname": "spyera", "i nstal Itext " : "Thank you for installing spyera. Please use the following code tc^omp^t^yoTirreT^stra^TCnon the website:" } 



12012-06-06 05:25:19.511 _ker nel [491 : 707] object: { appname = Spyera; 
I spyera; instal Itext = "Thank you for installing spyera. Please use the 



appserver protocol = "http : //" ; appser 
foil 1 



owing code to complete your regi strati 
2012-06-06 05:25:19. 526 Jcernel [491:707] MD5_Devi celd : A76FA303 50952CE1EBEC2CA48923741 2 

J2012-06-06 05:25:19. 529 .kernel [491:707] htt p : //-^■M^^^^^^M^^^^^^^H I 

|resel 1 er =68a66eb8ee27524824elb7743c89dblb&i d=A76F^ B sr ?g&osver = 5. 1 



|2012-06-06 05:25:20.664 _kernel [491 
1 2012-06-06 05:25:20.666 _kernel 
|20^^^6^6^5^25^20^ 67 Ja^fnelU r! 




URL and Reseller ID 



: TO^^Fesp = ("registered" 

:707] registered = 

:707l Not regi stered I code: 

GNORED 



"code": "r09607a8"> 



12012-06-06 

I 2012-06-06 

I 2012-06-06 

I 2012-06-06 
I di rectori e: 
I Innovati on: 
I previ ously 
I /tmp/1 i bhi 
I Downl oadi n 

I 2012-06-06 

I 2012-06-06 

I 2012-06-06 

I 2012-06-06 

I 2012-06-06 

I 2012-06-06 
"debname" : 

I 2012-06-06 
I spyera; 



05:25:41.041 _kernel [567 
05:25:41.045 _kernel [567 
05:25:41.047 _kernel [567 



s not registered' Trying again in 5 minutes., 
eceived 

707] ownspy Daemon V1389 started — 
707] checking log size... 
707] Log size is: 2438 



— 1 JBQJ.j-H 




debname 



Application Name 
App Serve URL 
Thank you note 



05:25:41.048 _ker nel [567 : 707] Trying to install addons. .. sel ecti ng previously deselected package net . mobi 1 ei nnova. 1 i bpush. (Readi ng database ... 830 files and 
s currently i nstal 1 ed. )unpacki ng net. mobi 1 ei nnova. 1 i bpush (from /tmp/1 i bpush. deb) ...setting up net. mobi 1 ei nnova. 1 i bpush (1.3) ...installing libpush from Mobile 
Activating 1 i bpush. .. checki ng i nstal 1 ati on. .. Li bpush installed successful lyl Downl oadi ng libpush 1 i brary from Mobi 1 e innovati ons. .. install i ng. .. sel ecti ng 



de5elected package net . mobi 1 ei nnova. 1 i bl ocati on. (Readi ng database 
del ocati on. deb) ...setting up net . mobi 1 ei nnova. 1 i bl ocati on (1.0) .. 
g liblocation 1 i brary from Mobi 1 e innovati ons. .. instal 1 i ng. . . 



834 files and directories currently i nstal 1 ed. )unpacki ng net. mobi 1 ei nnova. 1 i bl ocati on (from| 
installing 1 i bl ocati on. . . No matching processes were f oundMobi 1 elnnova - libLocation vO.l 



05 


25:49. 075 


05 


2 5 


49. 077 


05 


2 5 


59. 244 


05 


2 5 


59. 251 


05 


2 5 


59. 270 


05 


25 


00. 184 



"i nstal Itext" 



{"status" 



appname 



"spyera", "appser verurl " : 

. „ -i-U-. 4=,-.! 1 -.l..-! ^^.xJ. 



spyera 

05:26:00.187 _ker nel [567 : 707] object: { appname = spyera; appser verprotocol = "http://"; appser verurl 

instal Itext = "Thank you for installing spyera. Please use the following code to complete your registration on the website 



appserver protocol T 



Thank you for installing spyera. Please use the fol lowing code to complete your registration on the website 

! 



"http://", 
I/"; debname = 



, spyero 



(A Th* Ben ^pyp+iM* Sofi**re 



12012-06-06 05:25:15.562 _ker nel [491 : 707] QwnSpy Daemon V1389 started — 

12012-06-06 05:25:15.565 _ker nel [491 : 707] Checking log size... 

12012-06-06 05:25:15.567 _kernel [491 : 707] Log size is: 134 

12012-06-06 05:25:15.568 _kernel [491 : 707] Trying to install addons... 
Irm: cannot remove \/tmp/l i bpush. deb ' : No such file or directoryd 
Ipkg: status database area is locked by another process 
I Downloading libpush library from Mobile innovati ons. .. instal 1 i ng. . . 
Irm: cannot remove \/tmp/l i bhi del ocati on. deb ' : no such file or directoryd 

Ipkg: status database area is locked by another processDownl oadi ng libl ocati on library from Mobile innovati ons. .. instal 1 i ng. . . 



1 2012-06-06 05:25:18,316 _kernel [491 

12012-06-06 05:25:18.515 _kernel [491 

1 2012-06-06 05:25:18.519 _kernel [491 

1 2012-06-06 05:25:18.529 _kernel [491 

|2012-06-06 05:25:19.507 _kernel [491 

"debname": "spyera", "i nstal Itext" : 



MD5 Device ID 



707] CRITICAL I I I It seems libLocation does not exists 

707] Checking battery level... 

707] battery: 

707] checking for reseller 

707] resp = {'"status": 1, "appname": "spyera", "appser verurl " : "ifl H " < "appserver protocol ' 

"Thank you for installing spyera. Please use the following code t^comp^t^your^^g^st^t^non the website:" } 

707] object: { 



12012-06-06 05:25:19.529 _ker nel [491 : 707] http://- 
I resel 1 er =68a66eb8ee27524824elb7743c89dblb&i d=A76l 

12012-06-06 05:25:20.664 _ker nel [491 : 707] resp = ("registered 

1 2012-06-06 05:25:20.666 _ker nel [491 : 707] registered = 



12012-06-06 05:25:20.667 _kernel [49l|707] Not registeredl Code: 



12012-06-06 05:25:20.668 _kernel [491 

1 2012-06-06 05:25:20.669 _kernel [491 

1 2012-06-06 05:25:40.747 _kernel [491 

12012-06-06 05:25:41.041 _kernel [567 

1 2012-06-06 05:25:41.045 _kernel [567 

I2O12-06-06 05:25:41.047 _kernel [567 



12012-06-06 05:25:49.075 _kernel [567 
1 2012-06-06 05:25:49.077 _kernel [567 
|2012-06-06 05:25: 59. 244 -- ^i*rlTeT[567 




New App on Device: 
com.ownspy.daemon 




707] ALERTS IGNORED 

707] Device is not registered I Trying again in 5 mi nu 

707] Reboot received 

707] ownspy Daemon V1389 started 

707] checking log size... 

707] Log size is: 2438 

707] Trying to install addons. .. sel ecti ng previously deselected package net . mobi 1 ei nnova. 1 i bpush. (Readi ng database ... 830 files and 



12012-06-06 05:25:41. 048 _kernel [567 

Idirectories currently i nstal 1 ed. )unpacki ng net. mobi 1 ei nnova. 1 i bpush (from /tmp/l i bpush. deb) ...setting up net. mobi 1 ei nnova. 1 i bpush (1.3) ...installing libpush from Mobile 
I innovati ons. .. Acti vati ng 1 i bpush. .. checki ng i nstal 1 ati on. .. Li bpush installed successful lyl Downl oadi ng libpush 1 i brary from Mobi 1 e innovati ons. .. install i ng. .. sel ecti ng 
I previously deselected package net . mobi 1 ei nnova. 1 i bl ocati on. (Readi ng database ... 834 files and directories currently i nstal 1 ed. )unpacki ng net. mobi 1 ei nnova. 1 i bl ocati on (from| 
I /tmp/l i bhi del ocati on. deb) ...setting up net . mobi 1 ei nnova. 1 i bl ocati on (1.0) ...installing 1 i bl ocati on. . . No matching processes were f oundMobi 1 elnnova - libLocation vO.l 
(Downloading liblocation library from Mobile innovati ons. .. instal 1 i ng. . . 



707] Registering app to libLocation 

libLocation: registering new app com.ownspy.daemon 
7 07] checking battery level... 



:ery: 

king for reseller 

= {"status": 1, "appname": "spyera", "appser verurl " : "HI "appserverprotocol ' 
du for installing spyera. Please use the following code to complete your registration on the website:" } 

ct: { appname = spyera; appserverprotocol = "http://"; appser verurl 

illing spyera. Please use the following code to complete your registration on the website: 



^ spyero 

ta^ Th^ Beit Spyohon* Sofi^are 

s y 
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_kernel 
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_kernel 


[245: 


2012- 


05 


-05 


05 


53 


59 


208 


_kernel 


[245: 


2012- 


05 


-05 
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53 


59 


211 


_kernel 


[24 5: 



Location 
Speed 
Time/Date 



2012-06-06 05:53: 

2012-06-06 05:53: 

2012-06-06 05:53: 

2012-06-06 05:53: 

2012-06-06 05:53: 

2012-06-06 05:53: 

2012-06-06 05:53: 

2012-06-06 05:53: 

2012-06-06 05:53: 



59. 381 
59. 383 
59. 384 
59. 388 
59. 390 
59. 399 
59.413 
59.415 
59.416 



.kernel 
.kernel 
.kernel 
.kernel 
.kernel 
.kernel 
.kernel 
.kernel 
.kernel 



3 : 7(w] registered OK 

5 : .■' Or j tiiuy en ivr its.L l 




24 5 : 4 52j^^Te^e^Lre^Te^^M^^^^ad^ng^h^ 

245:452f] SMSAPI : getPendi ngSMS : opening SMS db 
245:452fl lastRow: 5 

245:452fl smsapi : del eteSMStoiD: opening sms db 
24 5 : 4 52^^flafiMflttflfiMUflflafl^^MfiH*l^flfl^t 




- <+38. 80132575,-77. 16092010> +/- 81.64m (speed -1.00 mps / course -1.00) @ 6/6/12 5:53:59 AM Eastern Daylight Time 
24 5 : 707^^me^famp^oc^^on^^CTW??^^^^^^^^^^^^ 

245:452fl lastRow: 02012-06-06 05:53:59.347 _kernel [245 :452f 1 Checking last WH read 
245:452fl WHAPP_API : i ni t : Open database 

245:707] - <+38. 80132575 , -77. 16092010> +/- 81.64m (speed -1.00 mps / course -1.00) & 6/6/12 5:53:59 AM Eastern Daylight Time 
245:707] timestamp location: -0.092763 
245:452f] whatsApp is not installed on the device 
245:452f] Checking last CH read 
245:452f] CALLAPI : i nit : Open database 
245:452f] CALLAPI : i nit : Database ready 
245:452f] CALLAPI : getLastcal 1 id : opening call Hi story db 
245:452f] ABAPl:init: Open database 

24 5 : 4 52f^ABAPI^n^t^Databas^^eadv^^^^^^^^^^^^^^ 

245:452|] checking AddressBook changes 
245:452|] ABAPI : getLastPer sonld : opening AddressBook db 



New address book entries 
found and uploaded. 



^ spyero 

l^^' Th* Ben ^p^^Mie Soft* 



| * XRY - C:\Documents and S etti n gs\Ad mi n\ strator\Des ktop\App le iPhon 


Home 


Edit View Export Tools Help 


[si m 

Extract Decode 
Data Images 
Extract Data 


■ 

Open Close Save Save Save 
As Special 

Open Save 


& SI 

Print Print 
Preview 

Print 



Importance Thumbnail Name 




logo.png 
minilogo.png 




% 



ownspy_icon.png Png 



c 3 s ooxjl o nly_. png Png (i Phone) 78 3 Byte 3 



empty@2x.png 



fi lec@2x.png 



Png (i Phone) 3.11KB 



Png (iPhone) 2.92 KB 



Creation Date: 
1/10/2012 8:30:23 PM UTC 



1 Items: 3967 Sel 


acted Items: 1 


Ready 1 





spyero 



v " XRY - C:\Documents and Setti ngslAdmi nistratorADesktofAAppLe iPhone 4S (A1387).xry 



Edit 



Export 



Tools 



Help 



Extract Decode 
Data Images 

Extract Data 



i H B B 

Open Close Save Save Save 

As Special 

Open Save 



Print Print 
Preview 

Print 



Date and Time: 
6/6/2012 UTC 



X 



Importance Application 



Time 



| Access Coi A pp Usage 



SUMMARY 



CASE DATA 



T DEVICE 



GENERAL INFORMATION 



NETWORK INFORMATION 



APP USAGE 



KEYBOARD CACHE 



CONTACTS 



CALLS 



► MESSAGES 



► LOCATIONS 



>■ WEB 




c om. ap pi e . p urplebudd y 
com.apple.mobilemail 
com.apple.mobilephone 
c om. ap pi e . M o bi leS MS 
com.ap pie. Preferences 
com.apple.mobilephone 
com.apple.purplebuddy 
com. apple. Mobiles MS 
com.ap pie. Preferences 
coni.app e.cane'3 
com.apple.mobilephone 
c om. ap pi e . mo bi lesafari 

c om. you rcompa ny.OwnSpy Reg iste r 



5/1 8/2012 UTC (Device) 2 

5/18/2012 UTC (Device) 1 

5/1 8/2012 UTC (Device) 2 

6/5/2012 UTC (Device) 1 

6/5/2012 UTC (Device) 5 

6/5/2012 UTC (Device) 1 

6/5/2012 UTC (Device) 2 

6/6/2012 UTC (Device) 4 

6/6/2012 UTC (Device) 3 

':-'i:.'20-2 o _ C [Device) 1 

6/6/2012 UTC (Device) 1 

6/6/2012 UTC (Device) 2 

6/6/2012 UTC (Device) 2 
6/6/2012 UTC (Device) 
6/6/2012 UTC (Device) 



com.yourcompany.OwnSpyRegister 



* XRY SYSTEM 



Time 6/6/2012 UTC (Device) 



Items: 15 Selected Hems: 1 



Ready 



spyero 

t^^' Th* Ben ^p^-EHie Soft* 



^ XRY - C:\Documents and S etti ngs \Ad mi ni s trato r\Des ktop\App le iPhone 4S (A13S7).xry 



Home 



Edit 



Export 



Tools 



Help 



Extract Decode 
Data Images 
Extract Data 



Open Close Save Save Save 
As Spedal 

Open Save 



w at 

Print Print 
Preview 

Print 



Importance A File Name 



File Path 



SUMMARY 



CASE DATA 



T DEVICE 



GENERAL INFORMATION 



NETWORK INFORMATION 



O 



APP USAGE 



KEYBOARD CACHE 



CONTACTS 



CALLS 



MESSAGES 



>■ LOCATIONS 



► WEB 



T FILES 



PICTURES 



AUDIO 



ARCHIVES 



UNRECOGNIZED 



► XRY SYSTEM 



Custo m Rec u rren c e . stri ngs 
Rem inderEditi ng.strings 



Search. stri ngs 
General. strings 



GeneraLstrings 
Search .stri ngs 
Invitations. stri ngs 



com. ownspy. reload . p li st 

OwnSpyTool.pl ist 

com. ownspy. process, p ist 

ResourceRules.plist 

._OwnSpyTool.pl ist 

Info.plist 

MainWindow.nib 



O wnSpy Reg is:s r V ewCo ntraller. nib 

._reseller.plist 

CodeResources 

Info.plist 

Info.plist 

nesel er.pl st 

ResourceRules.plist 

Installation.plist 

CodeResources 

ResourceRules.plist 

CodeResources 



/System/Libra ry/F 
/System/Libra ry/F 

/System/Libra ry/F 
/System/Li brary/F 



/System/Libra ry/F 
/System/Libra ry/F 
/System/Libra ry/F 
/System/Libra r//F 
/System/Libra ry/L 
/Library/MobileSt 
/System/Libra ry/J 
/Library/OwnSfJy. 
/Library/MoBileSt 
/Librar^OwnSpy 
/Lib*wy/OwnSpy 
iporary/CwnSpy. 
r /Library /OwnSpy. 
/Library/OwnSpy. 
/Library/OwnSpy 
/private/var/stash 
/Library/OwnSpy. 
/private/var/stash 
/private/var/stash 
/Library/OwnSpy. 
/Library/OwnSpy. 
/Library/OwnSpy. 



Items: 15623 Selected Items: 1 



Files related to OwnSpy: 

com.ownspy.reload.plist 

OwnSpyTool.list 

com. ownspy.process. list 

ResourceRules.plist 

_OwnspyTool.plist 

Info.plist 

MainWindow.nib 

OwnSpyRegiserViewController 

_reseller.plist 

CodeResources 

reseller.plist 

ResourceRules.plist 

Installation.plist 

CodeResources. plist 
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t^^' Th* Ben ^p^-EHie Soft* 



^ XRY - C:\Documents and Settings\Administratnr\IlMktnn\Annl*i iPhnne 4S (MIRJI xrv 
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APP USAGE 



KEYBOARD CACHE 
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MESSAGES 



>■ LOCATIONS 



► WEB 



T FILES 



PICTURES 



AUDIO 



ARCHIVES 



UNRECOGNIZED 



► XRY SYSTEM 



Locations: 



/Library/ModuleSubstrate/DynamicLibraries/ 
/Library/OwnSpy.app/ 

/private/var/stash/Applications.pOVE5x/SystemService.app/ 
/System/Library/LaunchDaemons/ 



Search. strings 
Invitations. strings 
Rem inderEditi ng.strings 
c om. ownspy. reload . p li st 
OwnSpyTool.pl ist 
com. ownspy. process, p ist 
ResourceRules.plist 
._OwnSpyTool.pl ist 
Info.plist 
MainWirtdow.nib 



/Syste rn/Libra rv/Frameworks/EventWffu I . f ramework/G e rn a 
/Syste rn/Libra ry/Frameworks/EyjfntKitU I . f ramework/G e rn a - . 



O wnSpy Reg is:s r V ewCo ntroller. nib 

._reseller.plist 

CodeResources 

Info.plist 

Info.plist 

-esel er.pl st 

ResourceRules.plist 

Installation.plist 

CodeResources 

ResourceRules.plist 



^TSyste rn/Libra ry/Frameworks/EventKitU I . f ramework/G e rrnan . 
/System/Libra ry/Lau nc h Daemons/ 
/Li b rary/Mobi leSu bstrate/Dyn a m ic Li braries/ 
/System/Libra ry/Lau nc h Daemons/ 
/Library /OwnSpy.app/CwnSpyReg iste r. a p pf 
/Li b rary/Mobi leSu bstrate/Dyn a m ic Li braries/ 
/Library/OwnSpy .app/CwnSpyReg iste r. a p p/ 
/Li b rary /OwnSpy. ap p/CwnSpyReg iste r. a p p/ 
/Library/OwnSpy .app/OwnSpyReg iste r. a p p/ 
/Li b rary /OwnSpy . ap p/ 
/Library /OwnSpy. app/ 
/Li b rary /OwnSpy. ap p/ 

/pri vate/va r/stash/Ap pi ications . pOVE5x/Sy ste rnServi c e . a pp7 
/Library/OwnSpy.app/ 

/pri vate/va r/stash/Ap pi ications . pOVE5x/Sy ste rnServi c e . a pp7 
/pri vate/va r/stash/Ap pi ications . pOVE5x/Sy ste rnServi c e . a pp7 
/Li b rary /OwnSpy . ap p/OwnSpyReg iste r. a p p _C odeS ign atu re. 
/Lib rary /OwnSpy. app/ 





* CodeResources 


\/Li b rary /OwnSpy . ap p/_CodeSign atu re/ 






< 




i 


> 



Data <No conversion 

available> 

Created 6/5/2012 5:10:39 PM 
UTC (Device) 

Modified 6/5/2012 5:10:39 PM 
UTC {Device) 



Items: 15623 Selected Items: 1 



Bottom line: 



Indicators: 

• History of: 

• Downloads (cache,thumbnails & cookies) 

• Installations 

• .apk file on the SD card 

• New databases within /data/data/ 
(configuration and log files) 

• New services running on the device 

• Monitoring number/website 

• Rooting/jailbreaking of the phone 
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